Security at Temporal
You’re in control
Temporal allows you to retain control of your data and your security posture. There are two key capabilities of Temporal that allow for this:
Temporal Data Converter
The Data Converter allows you to employ client-side encryption so that your data is encrypted in accordance with your requirements before it ever leaves your environment and then transparently decrypted upon return.
Code Execution Boundaries
The Temporal Service does not establish connections into your environment. You have full control over how you secure your applications and services.
Temporal Cloud
Security
Temporal Cloud is a managed service in which we run the Temporal Service for our customers. It delivers the open-source Temporal Server software, along with additional components that allow us to deliver a value-added managed service.
Namespace isolation
A namespace cannot interact with other namespaces, even within the same account.
Encryption
All of your data is protected with modern encryption algorithms. We employ AES-256 for data at rest and TLS for data in transit.
Security-first design and testing
Prior to deployment, we employ rigorous design reviews and threat models. We also have penetration testing performed by trusted security partners.
Compliance
Temporal Cloud is SOC 2 Type II certified, and compliant with GDPR and HIPAA regulations.
Temporal Self-Hosted
Security
The Temporal project is open source and can be found on GitHub. When you deploy a self-hosted Temporal Service, your team is responsible for maintaining software patches and upgrades. We strongly encourage operators to update their Temporal Service after each new release; most versions include stability and security improvements.
Some additional security considerations for a self-hosted Temporal Service include:
Implement a Data Converter to encrypt your data as part of a layered security strategy.
Configure Transport Layer Security (TLS) for secure network communication within your Temporal Service.
Set up authentication protocols to prevent unwanted access.
If you have any concerns about security or would like to report a security issue, please reach out to our team.
Data privacy
At Temporal, we believe your data is yours, and we support Data Converters so that we can’t access it.
Privacy by design
Temporal is designed so you have complete control of your data—you can even set your data retention periods. We do not share our users’ data, and if you have encrypted your data with a Data Converter, we can’t even view it.
Data Processing Agreement
Our DPA reflects the requirements of GDPR.
Privacy Policy
Our Privacy Policy is aligned with CCPA and GDPR requirements.
Responsible disclosure
We openly accept reports for our products. We agree not to pursue legal action against individuals who:
Engage in testing of systems/research without harming Temporal Technologies or its customers.
Engage in vulnerability testing within the scope of our vulnerability disclosure program.
Test on products without affecting customers, or receive permission/consent from customers before engaging in vulnerability testing.
Adhere to the laws of their location and the location of Temporal Technologies.
Avoid public disclosure of vulnerability details until a mutually agreed-upon date is reached.
Submit identified issues through our Vulnerability Reporting inbox.
If you have questions or would like to discuss how Temporal can support faster and more reliable applications at your organization, please reach out to our team to get a conversation started!