Security & Compliance

This page provides an overview of how Autom Mate addresses platform security, data protection, authentication controls, and infrastructure considerations.

Data Encryption

Autom Mate includes encryption mechanisms to protect data depending on the deployment architecture.

The encryption algorithm used within the platform is:

AES-256-GCM

Cloud deployment

In cloud environments, data is stored within the AWS infrastructure in a client-specific environment. If required, data stored in the Autom Data Store can be encrypted at rest.

On-premises deployment

When Autom Mate is deployed on-premises, the Autom Data Store is located within the Mate Agent running inside the customer environment. Data stored locally inside the customer's firewall is currently not encrypted.

Platform Communication

Autom Mate components communicate using different communication patterns depending on the interaction between services.

Communication between components may be:

Bi-directional communication, where data flows in both directions between services
Unary communication, where a single request is processed

Connections between platform components such as the gateway, microservices, and agents can operate using these communication models.

Two-way SSL can also be implemented to secure connections when required.

For more information, please view Architecture of Autom Mate

Workflow Trigger Protection

Autom Mate includes mechanisms that help prevent untrusted systems from triggering workflows.

These protections include:

Header validation
API key validation

By validating headers and API keys, the platform ensures that only trusted sources are able to initiate workflow execution.

Logging and Audit Handling

Autom Mate records operational activity using log files.

The platform applies specific practices when storing user-related information:

Passwords are not recorded in audit trails
User activity is associated with a user ID rather than a username

This approach helps reduce exposure of sensitive information in logs while still allowing operational auditing.

Penetration Testing

Autom Mate environments are monitored continuously, and security validation activities are periodically performed.

Penetration testing has previously been conducted by customers, and these tests did not report any critical or high-severity findings.

Security-related monitoring and penetration-test exercises are performed regularly as part of the platform’s operational practices.

Identity and Access Features

Autom Mate currently provides authentication mechanisms through API-based integrations.

Some identity management capabilities are not currently supported, including:

SAML-based SSO
SCIM
SPML

Data Privacy Considerations

Autom Mate should be regarded as a controller with limited processing of privacy information.

A Data Processing Agreement (DPA) is planned to define responsibilities and data protection terms related to privacy information handling.

Compliance and Certification

Information about Autom Mate’s certification status and compliance documentation is available in the Autom Mate Trust Center:

Autom Mate Trust Center

This page provides updated details on certification progress and security assurance documentation.

PreviousArchitecture of Autom Mate NextTime Zone Management in Autom Mate

Last updated 4 days ago

Was this helpful?

hashtagData Encryption

hashtagCloud deployment

hashtagOn-premises deployment

hashtagPlatform Communication

hashtagWorkflow Trigger Protection

hashtagLogging and Audit Handling

hashtagPenetration Testing

hashtagIdentity and Access Features

hashtagData Privacy Considerations

hashtagCompliance and Certification