GDPR Design guide

This page describes how data is managed by Bonitasoft, depending on the Edition you are using.

Data management in Bonita

Because Bonita is a platform, personal data is not directly collected, but any development on it must guarantee confidentiality in compliance with the GDPR policy.

Bonitasoft acts as a subcontractor, within the meaning of Article 4 of the GDPR, in the context of its Bonita Cloud offer. As such, Bonitasoft is required to host the data uploaded by its customers on the Bonita Cloud platform, when they use the services.

When the Bonita Platform is installed directly on the clients' servers located on their premises ("on-premise" installation), Bonitasoft does not access the personal data processed via its software. Access to data may, however, be granted to Bonitasoft even in the case of an "on-premise" installation, on an ad-hoc basis and only within the contractual Support service or Professional service.

Backup

On-premise (Community and Enterprise): Backups are managed by you. It is highly recommended to back up your database before launching an update procedure. Bonitasoft provides a procedure to help you back up your Bonita runtime. Please note that the backup procedure also depends on your database.

Cloud: Data of every runtime is backed up every night. Additional backups are possible upon customer request.

Data retention

On-premise (Community and Enterprise): You manage how long you want to retain data. It is theoretically limitless; however, the longer the data is retained, the more likely it is to cause performance issues. Please refer to the “Process cleanup” section below to see how Bonita tools can help you purge your data.

Cloud: Bonitasoft will store 15 days of backups for the production runtimes. This retention period can be increased upon customer request.

Restoration

On-premise (Community and Enterprise): Restorations are managed by you. Please note that the restoration procedure also depends on your database.

Cloud: Data restorations are done through a request and may result in scheduled maintenance. The service includes a restore to the latest backup. Bonitasoft is not responsible for the functional impacts of the rollback.

Encryption

On-premise (Community and Enterprise): Encryption is managed by you. We recommend that you use Maven encryption. Bonita also supports password encryption.

Cloud: Bonita Cloud offers data in transit encryption with the latest HTTPS standard (TLS 1.3). Moreover, data at rest is also encrypted to secure your application and process data. Bonita Cloud uses the AES-256 encryption algorithm, which is a recognized industry standard.

Please note that Bonitasoft has ISO 27001 certification for its Bonita Cloud information security and Bonita Cloud customer development, operations, and support. Enterprises that automate their business processes on Bonita Cloud want secure, robust enterprise applications with assurances that their data and privacy are safe. Bonitasoft’s ISO 27001 certification is the result of a successful audit of the company’s cloud security practices by Bureau Veritas Certification, the world leader of certification.

Process cleanup

For Subscription editions only.

To ensure compliance with data protection regulations or to facilitate general storage management, Bonita offers a specialized tool—referred to as the Purge Tool. This tool is designed to efficiently remove completed (archived) process instances from the Bonita Runtime environment.

By default, Bonita Runtime retains all archives indefinitely. Given the operational mechanics of the Bonita Purge Tool, it is strongly recommended to execute this tool periodically, ideally during periods of minimal activity in the Runtime. This can be automated through a crontab or an alternative scheduling method that best suits your needs.

Implementing a consistent purge policy not only simplifies data management but also enhances the performance of your runtime environment by optimizing storage utilization and ensuring smooth system operations. For subscribers of Bonita Cloud, the management and application of the Purge Tool are handled entirely by the Bonita Cloud team. As a user, you are relieved of this responsibility; rest assured, the Bonita Cloud team diligently manages this process, ensuring optimal performance and compliance without any required action on your part.