Pipedream

Pipedream

Pipedream is a serverless workflow automation and API integration platform. It operates primarily as a backend service with no direct browser-side script presence on third-party websites. Where embedded, it may surface lightweight webhook trigger interfaces or automation status widgets.

Back to Vendor Library

Overview

Pipedream is a serverless workflow automation and integration platform that connects APIs and triggers event-driven processes between cloud services. Developers use it to build multi-step workflows that react to webhooks, scheduled events, or API polling triggers, transforming and routing data between services without managing infrastructure. Pipedream operates almost entirely server-side — its presence on websites is typically limited to webhook endpoints or embedded workflow trigger widgets.

What This Script Does

Webhook Trigger Endpoints

Pipedream's primary interface for websites is its webhook endpoint system. A website sends HTTP POST requests to a Pipedream-hosted endpoint (api.pipedream.com/v1/sources/{source-id}/events) to trigger a workflow. The payload contains whatever data the site chooses to send — form submissions, event data, or structured API payloads. The webhook trigger receives the data and routes it through the configured workflow steps.

Pipedream Connect (Embedded OAuth)

Pipedream Connect is a newer product that embeds an OAuth authorization flow directly in a third-party application. A JavaScript component loads the Pipedream Connect UI, allowing end users to authorize integrations (e.g., connecting their Google Calendar or Slack) without leaving the host application. This loads scripts from Pipedream's CDN.

Cookies Set

Pipedream sets no cookies in the standard webhook-trigger usage pattern. In the Connect embedded OAuth flow:

  • pd_session — First-party session cookie set by Pipedream within the embedded iframe during OAuth authorization. Duration: session.
  • pd_user — First-party persistent cookie within Pipedream's own domain context for authenticated Pipedream users. Duration: 30 days.

Domains Contacted

  • api.pipedream.com — REST API and webhook endpoint receiver.
  • pipedream.com — CDN for Pipedream Connect JavaScript components.
  • connect.pipedream.com — OAuth authorization interface for Pipedream Connect embedded flows.

Data Collected Per Interaction

  • In webhook mode: only what the site operator explicitly sends in the POST payload — Pipedream itself does not collect additional data from the end user's browser.
  • In Connect mode: the user's OAuth authorization, connected account details, and the IP address of the authorization request.
  • Pipedream logs workflow execution metadata (trigger time, step durations, success/failure) in the operator's Pipedream account.

Consent & Compliance

GDPR / ePrivacy: Pipedream's webhook trigger is a server-to-server call and involves no browser-side cookie setting or data collection from the end user. It therefore has no ePrivacy implications in standard webhook usage. Pipedream Connect's embedded OAuth flow may set session cookies and process the user's account credentials — this is functional processing directly requested by the user and does not require separate marketing consent. The data processor relationship between the operator and Pipedream should be documented in a DPA.

CCPA / CPRA: Pipedream processes data as a service provider under the operator's control. In webhook mode, it processes only what the operator explicitly sends. This is not a sale of personal information.

EU-US Data Privacy Framework: Pipedream is a US-based company. EU operators using Pipedream to process EU resident data should confirm Pipedream's Standard Contractual Clauses are in place.

Consent Category: Functional. Pipedream is an automation infrastructure tool with no advertising or behavioral tracking purposes.

Should You Block This Without Consent?

No. In standard webhook usage, Pipedream involves no client-side JavaScript and therefore has no consent implications from the user's browser perspective. In Connect mode, it performs a function explicitly initiated by the user (authorizing an OAuth integration). Neither use case constitutes marketing profiling or behavioral tracking requiring prior consent.

Visit website

Consent Categories

Functional

Also Known As

pipedreampipedream automationworkflow automation privacypipedream webhooksapi integration consent

Industries

Computers Electronics and Technology

Tracked Domains (1)

pipedream.comFunctional

Frequently Asked Questions

Do I need consent to use Pipedream on my website?

Generally no. In standard webhook usage, Pipedream is server-to-server with no client-side cookies or browser tracking. Pipedream Connect (embedded OAuth) sets functional session cookies tied to a user-initiated action, which does not require prior marketing consent.

What data does Pipedream collect?

In webhook mode, Pipedream only receives what your server explicitly sends — no browser data is collected. In Connect (embedded OAuth) mode, it sets a session cookie (pd_session) and a 30-day persistent cookie (pd_user) on pipedream.com, plus logs the IP of the authorization request.

How does ConsentStack handle Pipedream?

ConsentStack categorizes Pipedream as functional. In webhook mode there is no client-side script to block. If Pipedream Connect is embedded, ConsentStack allows it without a consent gate since it performs a function explicitly initiated by the user.

Related Vendors

Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Power Apps
Microsoft Power Apps
Microsoft Power Apps is a low-code application development platform that enables embedded business applications on websites. Scripts load custom app interfaces from Microsoft's cloud, render form controls and data views, and connect to backend data sources through Power Platform connectors. Sets session cookies to maintain application state and user authentication.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Microsoft Viva
Microsoft Viva
Microsoft Viva is an employee experience platform that surfaces on websites through embedded engagement and learning modules. Scripts load content feeds and knowledge cards from Microsoft's cloud infrastructure. Sets authentication cookies for user identity and personalized workplace content delivery.

Manage consent for Pipedream

ConsentStack automatically detects and manages Pipedream trackers so your site stays compliant with global privacy regulations.

Get started free