Information security and data privacy
Note
The Celonis Platform adheres to the highest information security standards in order to protect your data.
Keeping all data safe and reliable is at the core of our service offering and our team is relentless when it comes to preventing possible points of failure
FAQs about information security and data privacy
Where is the data stored?
Celonis leverages Microsoft and Amazon hosting services. The hosting location of the customer’s database generally corresponds to the location of the customer (e.g. the data of European customers is hosted in a data center located in the EU).
How is the data encrypted?
All data transferred to Celonis is always encrypted via HTTPS using TLS 1.2 or higher. All data at rest is encrypted using AES-256 encryption.
Does personal data have to be processed?
Besides user account-related data (e.g. name, email, log files), no personal data is required to analyze processes in Celonis Platform. But, depending on the use case and the individual implementation of the client, personal data may be needed. Pseudonymization features are offered in such cases. The client is in full control of any personal data processed.
Can data be deleted?
You can request the deletion of data at any time. Retention times for user-related log files (audit trail) are configurable. Backups are destroyed following industry standards and advanced techniques for data destruction. By default, the customer's database is deleted within 30 days of contract termination.
Is Celonis GDPR compliant?
Celonis solutions are designed according to the principles of data privacy by design and by default. For more information, see the White Paper on our Privacy Page.
Which certifications does Celonis have?
Among others, Celonis is certified for ISO27001, ISO27701 and ISO9001. Click here to find out more about our compliance efforts and certifications.