Report Commander Data Security

Depending on how you use Report Commander, the program may store its configuration data in configuration files and project files, or you may send all required information to Report Commander on the program command line when you run it.

Passwords and some other sensitive data are stored in an encrypted form that reduces the chances of disclosure to others who might view the configuration files or command lines directly. However, because the same encryption key is generally used for all Report Commander installations, it is possible for a determined user with access to the information to decrypt it. Therefore you should take steps to limit access to the files that may contain this data. In particular you should take care when posting to public discussion forums, etc., that you not include your encrypted passwords.

Configuration files and command lines may also include non-encrypted information that you consider sensitive, such as user account names, server names, IP addresses, file paths, etc.

Access by Arcana Development

In most cases your Report Commander data is never accessible to Arcana Development. However, in limited circumstances we will have access:

  • If you provide us with your configuration file, project file, or command line, it is possible for us to decrypt the encrypted sensitive data
  • If you provide us with log files for diagnosing Report Commander problems, these log files do not contain passwords, but may contain other information that you consider sensitive

When you provide us with files, we have policies and procedures in place to ensure that:

  • All information is treated as confidential and is used only as required for providing support services
  • Sensitive information is not disclosed outside of Arcana Development
  • Encrypted information remains encrypted and is not viewed by staff in decrypted form
  • Access is restricted to staff who have a direct need to work with the data
  • Data is not kept longer than necessary
  • Connection information for external service providers (see below) is removed or disabled to prevent us from connecting to these services, except when you explicitly authorize us to connect to these services in cases where it is necessary to provide support services to you

Customers with particular concerns about sensitive data should contact us prior to providing any data, so that we can provide instructions for redacting or limiting the amount of data sent to us.

External Connection Privacy and Security

Report Commander can be configured to connect to external service providers to augment the capabilities of Report Commander. For example:

  • Connecting to mail servers to send reports
  • Connecting to FTP, SFTP, or cloud storage providers to download or store files

For such connections you must configure Report Commander with the login credentials necessary to access your account with the provider, or otherwise authorize Report Commander to act on your behalf (for example, through an OAuth consent process).

When you connect Report Commander to a provider, the information required to connect to your account (user ID, password, access token, etc.) is stored in a Report Commander project file or configuration file, or is provided by you on the command line when running Report Commander. Data is exchanged directly between your local Report Commander installation and the service provider, and does not pass through any computer systems controlled by Arcana Development.

In most cases, login information is never transmitted to Arcana Development, and we are therefore not able to use these credentials to access your accounts. In limited circumstances, access credentials and incidental information about your use of the service providers may be transmitted to Arcana Development while we are providing support services to you, as discussed in the Access by Arcana Development section above.