Personal data is accessible and manageable only by properly authorized staff.
Direct database query access is restricted.
Access rights to our applications used to process personal data are established and enforced; access is via secure passwords and two-factor authentication, where possible.
Personal data is never stored locally, or in physical form.
Arbiter will always encrypt sensitive data (e.g. passwords, credentials you create in the app to communicate with different services) when transitioning data to/from different services to ensure it cannot be read, copied, modified or removed without authorization during electronic transmission or transport.
Arbiter has the decryption key at hand to decrypt that data for use.
Account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved — it must be reset.
We generate daily backups of execution data, stored workflows, webhooks and encrypted credentials, and store them using a secure sub-processor. These backups enable us to restore your data in case of accidental deletion or subscription cancellation.
By default, raw execution logs are purged on a rolling basis, and are deleted no more than 30 days after executions have taken place, unless longer log retention time is requested by the user.