adTempus Data Security

adTempus uses a comprehensive security framework that, when configured properly, offers tight control over which users have access to which data within adTempus.

adTempus stores its configuration data in a database that is under your control, and this data is generally not accessible by Arcana Development or other parties. It is your responsibility to limit access to this database to prevent unauthorized disclosure of the information it contains.

Passwords and some other sensitive data are stored in an encrypted form that reduces the chances of disclosure to others (for example, database administrators) who might view the database tables directly. However, because the same encryption key is generally used for all adTempus installations, it is possible for a determined user with access to the database (or a backup or copy of the database) to obtain and decrypt this information. Users who are concerned about this possibility should contact Arcana Development to discuss implementing site-specific encryption keys.

The database may also contain non-encrypted information that you consider sensitive, such as user account names, server names, IP addresses, file paths, etc.

Access by Arcana Development

In most cases your adTempus data is never accessible to Arcana Development. However, in limited circumstances we will have access:

  • If you provide us with a database backup or copy, or an export of your adTempus configuration, we will be able to view all information in the database, and it is possible for us to decrypt the encrypted sensitive data
  • If you provide us with log files for diagnosing adTempus problems, these log files do not contain passwords, but may contain other information that you consider sensitive

When you provide us with database or log files, we have policies and procedures in place to ensure that:

  • All information is treated as confidential and is used only as required for providing support services
  • Sensitive information is not disclosed outside of Arcana Development
  • Encrypted information remains encrypted and is not viewed by staff in decrypted form
  • Access is restricted to staff who have a direct need to work with the data
  • Data is not kept longer than necessary
  • Connection information for external service providers (see below) is removed or disabled to prevent us from connecting to these services, except when you explicitly authorize us to connect to these services in cases where it is necessary to provide support services to you

Customers with particular concerns about sensitive data should contact us prior to providing any data, so that we can provide instructions for redacting or limiting the amount of data sent to us.

External Connection Privacy and Security

adTempus can be configured to connect to external service providers to augment the capabilities of adTempus. For example:

  • Connecting to mail servers to send alerts, notification messages, and other email messages configured by you
  • Connecting to mail servers to read mail for email-based triggering or email processing tasks
  • Connecting to FTP, SFTP, or cloud storage providers for file-based triggering or file processing tasks

For such connections you must configure adTempus with the login credentials necessary to access your account with the provider, or otherwise authorize adTempus to act on your behalf (for example, through an OAuth consent process).

When you connect adTempus to a provider, the information required to connect to your account (user ID, password, access token, etc.) is stored in the adTempus database (which is under your control). adTempus will only send data to or retrieve data from these services at your direction (for example, through job or alert configuration). Data retrieved from these services is stored outside the adTempus database as configured by you (for example, in a local file). Data is exchanged directly between your local adTempus installation and the service provider, and does not pass through any computer systems controlled by Arcana Development.

In most cases, login information is never transmitted to Arcana Development, and we are therefore not able to use these credentials to access your accounts. In limited circumstances, access credentials and incidental information about your use of the service providers may be transmitted to Arcana Development while we are providing support services to you, as discussed in the Access by Arcana Development section above.