hi there
my problem is not about n8n indeed
I sell automation to companies,and I get refused lot of times due to the data privacy of the company,when you come to build automation for sensitive data automations,how you handle the problem of the company’s data privacy when they cant give you data that is important to them?how you solve this problem?or you just ignore the automation that processes sensitive data and build automation for non-sensitive data??
thanks in advance
Hi @Roger_Melton Welcome to the community!
To be honest I have never had this issue. Not with automations/integrations (3+years) and also not in the almost 5 years I was a business intelligence consultant.
I have seen too much sensitive data probably, never had a single company really thinking it was a bad idea to give access though.
When they know what the problem is and you have explained what the solution is they generally just go with the flow and trust the consultant they hire.
Most of them are SMB companies though, so maybe it is the specific companies you are helping.
Also all over the world (16 countries) I have worked for. mostly europe though.
@BramKn
i appreciate for replying to this…you are maybe right…but when I thought for solution to this problem…i had an idea that this could be done by signing a contract with them with a condition of not using this data or not to expose it to competitions or public eye or…etc
so is there anything like this condition when you sign with them for the service you want to build for them?
the other solution I has is to build the service on my own accounts then deliver it to them and make it on their accounts so they guarantee I don’t get access to this data
thanks for help again
Usually that should be a part of NDA.
Like @barn4k mentioned, yes there is of course always a document signed. An NDA is pretty standard in the field I think. Also needed for things like GDPR and such.
Developing something without having access to actual data is very tricky and I do not do this. Maybe sometimes to start if we cannot get a data connection yet, but at some point you need to properly test stuff.
All my workflows I develop on servers of clients though, so no data leaves their own servers.
@BramKn
hi bro,thanks for sharing this knowledge…this frightened me now 
like not all of the companies have their own servers…but when it comes to other tools like make and zapier…etc…there is no “their servers” in this case…
to sum up…i know that you deliver the service for them on their servers but what if I don’t do this as a beginner?what is the solution when the clients is in other country and maybe NDA can’t be applicable in this situation…sometimes I get a clients from other countries due to email marketing…what is the solution tho?..this is bunch of new things to me
I appreciate the clarifying tho
You would then just let them setup their own n8n cloud account for example.
It is all about trust of course, because even with an NDA it is just a piece of paper. You could still do whatever. Of course they can then come after you for it, if you are being naughty.
I got it bro…much respect…trust solves everything…I really appreciate it this helps me well…but for your case or mine…how you show trust for somebody who don’t know you?in my case the company I was mentioning owned by a fruend’s dad,so he trusts me more than anybody else offers this service…can you clarify this please?..and again thanks for your time
just a quick comment when you do it on their server or set up an ACC for them then it must be a one time payment service right?
It depends
Usually, you don’t want to provide a one-time service, instead better to insist on the service+support, because who will handle the issues and improvements? It may work after the installation and then will break in two days due to some corner case you were not aware of
There is no general solution though. You have to adapt it for each case.
E.g. for small companies or self-employed it may be enough to have a cloud n8n instance and they don’t bother about the sensitive data a lot.
For big companies it may be crucial to have an NDA and a self-hosted instance (or multiple instances), because the self-hosted always will be more reliable in terms of the data leak. However, it requires proper supporting and managing the infra for the company. Plus, big companies usually have a so-called ‘Onboarding process’, where you can’t simply use the cloud instance. It must be onboarded (be compliant with the company’s policies regarding the data exchange and handling). But that’s not your task, it may only pause you from developing the automation.
How trust works is a tricky one and I am not really the right person to tell you more on that. Maybe some scholar has an answer for you on that.
Everything depends on what you offer and what the client wants/needs.
If you charge per month you need to actually offer them a service for that month normally as they do not want to pay you for nothing.
and everything @barn4k said 
everything is clear now…i appreciate the help bros…best wishes for you
for the NDA again I asked this before and idk if you might have an idea…for clients in other countries…is NDA still might work…i mean is it related to the government and if you sign it with somebody out of your country it worths nothing?..this will help me get clients from other country I target(I live in a 3rd world country so targeting other countries will be more profitable for me and more applicable)…cuz doing it on their server will be exposing your secrets sometimes and it depends on the case so its not the best thing sometimes…thanks for help again
and there is somebody told me this…so I need to know if its correct and how to deal with this…and is n8n safe as other tools like make…zapier…etc??
It’s a question to a legal
From my perspective, the company doesn’t really care about where you reside, as in the case of the NDA violation they will go to their local court
I just leave it there
Security at n8n
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
