All apps

Is UiPath safe with your data?

B
UiPath icon

UiPath

UiPath, Inc.

76/100

Good disclosure · high confidence

UiPath earns a B (76/100) because it discloses most of its data practices.

#18

of 142 apps ranked

76

score · Automation avg 66

+10

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

UiPath publishes a GDPR-anchored privacy policy. It handles cloud customer data on a processor basis, names its sub-processors and transfer safeguards, and grants a full set of data-subject rights. Vague retention periods and no named security controls hold it to the B band.

What UiPath's privacy policy says about your data

Customer controls training data

For cloud products the customer is the data controller and UiPath the processor. Training is tied to the customer contract for product improvement, and the policy tells users not to put personal or sensitive data into Trial, Community or test versions.

Named sub-processors and transfer safeguards

The sharing section lists specific service providers such as Salesforce, Atlassian, Microsoft 365, AWS and Stripe under contractual agreements. International transfers rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, and EU-U.S. and Swiss-U.S. Data Privacy Framework certification.

No selling or ad-sharing

The policy states it does not sell or share mobile or personal data, and that mobile data will under no circumstances be shared or sold for advertising or promotional use. California residents can opt out of sharing via dpo@uipath.com.

Retention and security stay vague

Most retention is described as a limited period as necessary, with only a few named windows such as Customer Advisory Board data at 18 months, candidate data up to a year, and interview recordings up to 3 months. The security section names no specific controls like TLS or AES, and no breach-notification timeframe is given.

What the policy is silent or vague on

  • Not stated: a way to opt out of training
  • Not stated: shorter retention for AI conversation logs
  • Not stated: breach notification
  • Only partial: keeping user inputs out of model training

UiPath privacy rating

Training-data use1 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inPartial
Names a way to opt out of or into trainingSilent
Says whether training use differs by plan or tierPartial
Lets the user keep ownership of generated outputsDisclosed
Data-subject rights5 of 5 disclosed
Grants a right to access your dataDisclosed
Grants a right to delete your dataDisclosed
Offers data portability in a usable formatDisclosed
Grants a right to correct your dataDisclosed
Grants a way to object to or opt out of processingDisclosed
Retention and deletion0 of 4 disclosed
States a retention period for your dataPartial
States a deletion timeline after closure or requestPartial
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsPartial
Third-party sharing4 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementDisclosed
Does not sell or share data for advertising, or offers opt-outDisclosed
Names a safeguard for international data transfersDisclosed
States a standard for government and law-enforcement accessPartial
Transparency3 of 4 disclosed
Discloses that you are interacting with AIDisclosed
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesDisclosed
Is versioned and dated, with change noticePartial
Sensitive data and children3 of 3 disclosed
Discloses automated decisions and a human-review pathDisclosed
Limits the use of special-category dataDisclosed
Governs biometric data specificallyNot applicable
States protections for children's dataDisclosed
Security and accountability1 of 3 disclosed
Describes its security safeguardsPartial
Commits to breach notificationSilent
Names a certification or a privacy contactDisclosed
DisclosedPartialSilentAdverseNot applicable

Details

Category
Automation
Modalities
text
Processes biometrics
No
Policy last updated
Not stated
Region scored
Global / US-default
Assessed
2026-06-20
Read UiPath's privacy policy

Other automation apps

n8n iconn8nBZapier iconZapierD

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is UiPath safe with your data? Grade B | AI App Trust & Transparency Index