Does UiPath have access to the data that is created during the workflow?


I have an use case for UiPath automation, where I need to access pdf files that include sensitive private data, download them and then upload it to a government portal. As I know, the law in my country states that this data can not be stored or accessed(not exactly sure) by a 3rd party.

My question is that if I publish my workflow to the orchestrator and schedule an automation, connect my private windows server where everything will be performed, would it be within the law or does UiPath somehow access/store the data? I am guessing that the orchestrator just stores workflow activities and makes it run on the server but everything performed on there stays there.

Thank you!

Regarding UiPath Orchestrator and data privacy, the Orchestrator is primarily responsible for managing and scheduling automation workflows, monitoring robot performance, and storing metadata related to automation processes. It typically does not store the actual data being processed or accessed by the robots unless explicitly configured to do so (e.g., storing output logs or variables).

However, it’s important to note that the responsibility of data privacy and compliance ultimately lies with the organization implementing the automation. UiPath provides features and security measures to protect sensitive data, such as encryption, role-based access control, and audit trails. As an organization, it is your responsibility to properly configure and secure the environment, including access controls, network security, and data handling practices, to ensure compliance with local laws and regulations.

To ensure compliance with the laws in your country, it is advisable to consult legal professionals who can provide guidance based on the specific regulations and requirements in your jurisdiction. They will be able to assess the details of your use case, local laws, and any relevant data protection regulations to provide accurate advice on handling sensitive data during the automation process.

Remember that this response does not constitute legal advice, and you should seek appropriate legal counsel to address your specific legal concerns and requirements.

Hi @vaeho

I think your general idea is correct. Depending on your requirements, you have several options, which does include a completely sealed-off on-premise environment.

But once again, depending on the specific use case, you could go for a compromise and an Automation Cloud environment, maybe with your own key, like so:

A side question to @raja.arslankhan:

Was your response maybe generated by ChatGPT? It really looks like it was, in which case we would appreciate a shout-out to the amazing work done by folks at OpenAI whenever you decide to share its outputs.

It would help set the correct expectation for the users who opted to share their questions with our Community instead of resolving them directly with ChatGPT :slight_smile:


Yes it is combination of chatgpt and opinion. Is it against community standard?

As long as you are using on-premise Orchestrator and robot servers, UiPath the company has no access to any of the data. If you are using cloud Orchestrator, they may have access to anything that is in the logs, Assets, etc.