Celonis Product Documentation

Celonis leverages Microsoft and Amazon hosting services. The hosting location of the customer’s database generally corresponds to the location of the customer (e.g. the data of European customers is hosted in a data center located in the EU).

All data transferred to Celonis is always encrypted via HTTPS using TLS 1.2 or higher. All data at rest is encrypted using AES-256 encryption.

Besides user account-related data (e.g. name, email, log files), no personal information is required to analyze processes in Celonis Platform. But, depending on the use case and the individual implementation of the client, personal data may be needed. Pseudonymization features are offered in such cases. The client is in full control of any personal information processed.

You can request the deletion of the respective data at any time. Retention times for user-related log files (audit trail) can be configured by the customer. Backups are destroyed following industry standards and advanced techniques for data destruction. By default, the customer's database is deleted within 30 days of contract termination.

Celonis has implemented a Privacy Information Management System (PIMS) globally based on the requirements of ISO 27001, ISO27701 and the EU GDPR. The PIMS is run by a dedicated internal Data Privacy Team.

Celonis solutions are designed according to the principles of data privacy by design and by default. For more information, see the White Paper on our Privacy Page.

Among others, Celonis is certified according to ISO27001, ISO27701 and ISO9001. Click here to find out more about compliance efforts and certifications.