Q: I understand that no work has been done on GDPR compliance, but can you confirm if automation login data and ...
data harvested by the automation ever leaves the desktop application to your servers or anywhere else?
If not, then there is no significant GDPR issue. If it does then no one subject to GDPR can use it in the context of personal data.
Thanks
Faik_Robomotion
May 14, 2024A: Hello Tyke,
All of our servers are in Germany. No processed data leaves the server running the robot. Your credentials in the Vault is kept encrypted and only you have the decryption keys to that credential and your robot (you have to inject your vault secret for the robot to use it) which is again on your machine. We don't keep these keys and don't have them. Here is how it works => https://www.loom.com/share/e237ba429ae94ced9d74f92df5c9e7b4
Robomotion tools are web-based, so while you are developing your flow, the execution is in the robot on your machine, the only data gets out is if you use our "Debug" node to see the flow internals and variable data and state while developing. Because the tools are web based there has to be a way to pass this data from your robot to your web designer for you to see the internal state and develop/fix accordingly. This debug data is not persisted anywhere, passed encrypted between your robot and your browser only over SSL. If you want, you can use a test Excel while developing for example and with production environment you can use the real Excel and when you deploy to production (no Debug node in production) meaning no prod data out.
Best,
TykeTatThank you. One thing is that for UK based users, servers being in Germany is better than many places, but not ideal because it is still a non-UK jurisdiction. "All of our servers are in Germany. No processed data leaves the server running the robot." sounds like it imples that the servers running the robots are in Germany, but I understand from your later comments that the server running the robot is local to the user. Could you therefore state what (if any) customer data other than account and payment data reaches your servers in Germany?
Hello,
Our robots operate on your local machine, not on our servers in Germany - unless you explicitly want to use our Cloud Run feature. The only connection to our German servers is through your browser for accessing the Flow Designer for development, the Admin Console for scheduling and managing your robots, flows and user management. No data files generated, read or created, potentially containing personal or sensitive information, is processed or stored on our servers. All data you automate with your local robot remains on your machine. Additionally, credentials used in your workflows are securely encrypted and stored in our servers; however, we do not have or keep the encryption keys—only you have access to them.
During development, when you use the Debug node, your data passed between the nodes is encrypted and securely transmitted over SSL to the web interface directly, allowing you to inspect your workflow’s / robot's internals and state for debugging. This data is neither persisted nor visible during production—it's strictly for your eyes during development.
In summary, no customer data processed on your computer within the flow is transmitted to our servers in Germany. Your operational data stays on your local robot and does not fall under non-UK jurisdiction through our services—with the exception of your debugging data, which is temporary and under your control during the development phase. As explained before, otherwise you can not do development in your browser.
The only other option not included in this deal is our on-premise installation for Enterprise customers. This alternative allows us to install the entire system servers, databases, along with the robot, directly into the customer's infrastructure. However, this is a separate solution from the current offer and is significantly more expensive. The prices of our LTD deals cannot compare to this option, which makes the current offer an exceptional value. We view LTDs as a marketing option for increasing our brand awareness and expanding our community.
I hope this clarifies any concerns.
Best,