Security Data and system access controls <ul>
<li>Personal data is accessible and manageable only by properly authorized staff.</li>
<li>Direct database query access is restricted.</li>
<li>Access rights to our applications used to process personal data are established and enforced.
access is via secure passwords and two-factor authentication, where possible.</li>
<li>Personal data is never stored locally, or in physical form.</li>
</ul> Data encryption and transmission controls <ul>
<li>n8n will always encrypt sensitive data (e.g.
passwords, credentials you create in the app to communicate with different services) when transitioning data to/from different services to ensure it cannot be read, copied, modified or removed without authorization during electronic transmission or transport.</li>
<li>n8n has the decryption key at hand to decrypt that data for use.</li>
<li>Account passwords are hashed.
Our own staff can't even view them.
If you lose your password, it can't be retrieved — it must be reset.</li>
</ul> Data backups and deletion <ul>
<li>We generate daily backups of execution data, stored workflows, webhooks and encrypted credentials, and store them using a secure sub-processor.
These backups enable us to restore your data in case of accidental deletion or subscription cancellation.</li>
<li>By default, raw execution logs are purged on a rolling basis, and are deleted no more than 30 days after executions have taken place, unless longer log retention time is requested by the user.</li>
</ul> Data segregation <ul>
<li>Data from different n8n subscribers is logically segregated on systems managed by n8n.</li>
</ul>