Ottomatic Privacy
Privacy Data Sheet
Ottomatic
This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by Proof.
Ottomatic is a cloud hosting and services platform made available by Proof to companies or persons who acquire it for use by their authorized users. Proof will process personal data from Ottomatic in a manner consistent with this Privacy Data Sheet. In jurisdictions that distinguish between Data Controllers and Processors, Proof is the Data Controller for the personal data processed to administer and manage the customer relationship. Proof is the Data Processor for the personal data processed by Ottomatic to provide its functionality.
This is an addendum to the General Privacy Statement.
Overview of Ottomatic Capabilities
Ottomatic is a cloud-based management platform that provides customers with management features and additional services to use in conjunction with Claris FileMaker Server Software as well as other types of servers. Ottomatic Features Include:
- A web-based console to manage user accounts, organizations, services, and billing
- One-click deployment of new Ottomatic servers.
- The ability to add servers from any cloud provider or even on-prem for management.
- Quick access buttons to launch OttoFMS and the FileMaker Admin Console.
- Live Monitors for CPU, Memory, Storage, and Network throughput for resource stats.
- SSO support – seamlessly deploy Single Sign-On and manage users and groups.
- Integrated offsite backups – The ability to deploy Cloud Object Storage and connect it to your OttoFMS Offsite Backups with ease.
- User and Organization management – Invite devs and colleagues to your Organization via Ottomatic Cloud Console (OCC).
You may be asked to provide your personal data to use the service. The following paragraphs describe Proof's processing of personal data in connection with the delivery of Ottomatic and how it is secured in accordance with privacy principles, laws, and regulations. Note that this Privacy Data Sheet supplements the Proof Privacy Statement.
Please see the following link for more details on Ottomatic: https://www.ottomatic.cloud/cloud-console.
Personal Data Processing
The table below lists the personal data Ottomatic uses to provide services and describes why we process that data.
| Personal Data Category | Types of Personal Data | Purpose of Processing |
|---|---|---|
| End-User Registration/Authentication Information | Username Full Name Telephone number Email address Organization Name | Account creation and activation Service authentication and login Deliver, support, improve security functionality, upgrade and improve the services |
| Administrator Registration Information | Name Username Telephone number Email address Billing and delivery address One-way hashed representations of password(s) for the OCC Administrator Panel Job title Organization Name | Account creation and activation Service authentication and login Sending communications to you, including for marketing or customer satisfaction purposes, either directly from Proof or from our partners Deliver, support, improve security functionality, upgrade and improve the service |
| End-User On-Prem Server Metadata | Server operating system Otto version Otto port Otto API Key FileMaker server version The server's fully qualified domain name SSL Certificate Expiration Date Broad geographic area (country or city-level location) | Provide and maintain the services Improve user experience Improve security functionality Improve quality of the services Ensure secure devices and/or applications Verifying server is secure Authenticate server Conduct statistical analysis with pseudonymized and/or aggregate usage data to improve the services |
| End-User Ottomatic Managed Services Metadata | Server operating system Otto version Otto port Otto API Key FileMaker server version The server's fully qualified domain name SSL Certificate Expiration Date Broad geographic area (country or city-level location) Security and Access Keys/Tokens | Provide and maintain the services Improve user experience Improve security functionality Improve quality of the services Ensure secure devices and/or applications Verifying server is secure Authenticate server Conduct statistical analysis with pseudonymized and/or aggregate usage data to improve the services Prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behavior, security risks, and criminal activity |
| Events and Usage Data | How end-users access the services Dates and times of access IP address for determining where the services are accessed Site events (e.g., crashes, system activity, API errors) | Provide and maintain the services Improve user experience Improve security functionality Improve quality of the services Conduct statistical analysis with pseudonymized and/or aggregate usage data to improve the services Prevent, detect, respond, and protect against potential or actual claims, liabilities, prohibited behavior, security risks, and criminal activity |
| Authentication and Activity Logs | Which end-users access the services Time when the services are accessed End-user IP address when accessing the services | Provide and maintain the services Improve user experience Improve security functionality Improve quality of the services Conduct statistical analysis with pseudonymized and/or aggregate usage data to improve the services Prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behavior, security risks, and criminal activity |
Access by Proof Employees
On-Prem and Other Cloud Servers
Employees of Proof do not have access to end-user servers or databases. The Ottomatic Cloud Console stores a key, which is revocable by the end-user through the OttoFMS or Otto Interface, and API access is securely proxied using that key.
Ottomatic Managed Services
Employees do have access to Ottomatic managed services to provide support and monitoring. End-users grant us permission to access Ottomatic Managed Services for support if we are required to access them as part of an active abuse or fraud investigation or where access is necessary to comply with a valid legal process.
Cross-Border Data Transfer Mechanisms
Proof's support staff worldwide may have access to personal data stored in the United States or elsewhere. Additionally, certain personal data (e.g. phone numbers) may be transferred across borders to Proof's third-party vendors for purposes related to providing the Services, such as sending text messages with authentication codes or making automated VOIP-based calls that verify logins wherever the end-user is located.
Personal Data Security
Proof has implemented appropriate technical and organizational measures to secure personal data from accidental loss and unauthorized access, use, alteration, and disclosure. Our data center and cloud providers offer robust controls to maintain security and data protection. Physical security controls include but are not limited to perimeter controls such as fencing, walls, security staff, video surveillance, intrusion detection systems, and other electronic means. More information can be requested by contacting [email protected] and signing an NDA.
Proof uses multiple techniques to protect customer data, including, but not limited to: network segmentation between datastores and other components of the Ottomatic platform, least privilege access to datastores based upon roles or responsibilities, and hardening of production assets to minimize attack surface.
Information Security Incident Management
Breach and Incident Notification Processes
The Information Security team within Proof coordinates the data incident response process and manages the platform-wide response to data-centric incidents. The Incident Commander directs and coordinates Proof's response. A Proof Incident Response Team manages the receipt, investigation, and public reporting of security vulnerabilities related to Proof products and networks for each incident. This team works with Customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Proof products and networks.