
Temporal Cloud security/procurement checklist: what data is stored, how is it encrypted, and what compliance docs are available?
Quick Answer: Temporal Cloud stores Workflow metadata and event history, not your application code or sensitive payloads. All data in transit and at rest is encrypted, and teams can access security and compliance documentation (including security whitepapers and contractual data protection terms) directly from Temporal or under NDA as part of procurement.
Frequently Asked Questions
What data does Temporal Cloud actually store?
Short Answer: Temporal Cloud stores Workflow execution history, metadata, and Activity/task state, but never your code, and never your secrets or business data in clear text.
Expanded Explanation:
With Temporal, your Workflows and Activities run in your own Workers, on your own infrastructure. Temporal Cloud provides the Durable Execution backend that coordinates those Workers. That means Temporal Cloud stores the event history of each Workflow (the ordered log of every state transition, timer, retry, and signal), plus identifiers, task queue names, and other coordination metadata. This is what allows Temporal to replay and recover execution at any step.
By design, Temporal Cloud does not run your code and does not need access to business data in clear text. All connections from your app to the Temporal Service are unidirectional, so you never have to open inbound firewall ports. If your Workflows handle sensitive data (payments, PII, PHI), you keep that data in your own systems and can encrypt any payload fields that you send through Temporal using your own encryption library and keys. Either way, Temporal Cloud never sees your code and does not need to inspect payloads to do its job.
Key Takeaways:
- Temporal Cloud stores Workflow execution histories and coordination metadata, not your application code.
- Sensitive payloads can be kept out of Temporal completely or sent only in encrypted form using your own keys.
How is data encrypted and protected in Temporal Cloud?
Short Answer: All data sent to Temporal Cloud is encrypted in transit and at rest; you can additionally encrypt payloads at the application layer with your own keys.
Expanded Explanation:
Every connection from your Workers or services to Temporal Cloud uses TLS encryption before data leaves your environment. This protects all Workflow events, Activity results, and metadata while they traverse the network. Inside Temporal Cloud, data is stored encrypted at rest using industry-standard mechanisms in the underlying cloud infrastructure.
For higher-sensitivity workflows, teams often add another layer: application-level encryption of payloads. You can encrypt any fields you send to Temporal using your own encryption library and keys, then treat Temporal as an opaque carrier of ciphertext. The Temporal Service never needs to access your data in clear text; it only needs to store the payload bytes and hand them back unchanged when a Workflow replays, regardless of what is inside them.
Steps:
- Encrypt in transit: Use TLS for all communication between your environment and Temporal Cloud (handled by standard SDK configuration).
- Encrypt at rest: Rely on Temporal Cloud’s default at-rest encryption in its managed data stores.
- Optionally encrypt payloads: For sensitive fields, use your own crypto library and keys before sending data to Temporal, and decrypt only inside your Workers.
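The optional third step above, application-level payload encryption, is normally implemented as a payload codec that the SDK invokes on every payload leaving and entering the Worker. The Go program below is an added example written for this page, not Temporal's own code or one of its samples: its `Payload` struct only mirrors the metadata-plus-data shape of a Temporal payload so the example runs without the SDK, and the type and metadata names (`EncryptionCodec`, `encryption-key-id`, `binary/encrypted`) are this example's assumptions. The real SDK hook operates on the SDK's own payload type and takes batches of payloads rather than one at a time. The example shows what Temporal Cloud actually receives (ciphertext plus a key id) versus what the Worker sees again, keeps a key-id map so rotated keys can still decrypt older histories, passes through payloads the codec did not write, and rejects tampered or unknown-key ciphertext instead of returning garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Payload mirrors the shape of a Temporal payload (metadata map + raw data) so the
// example runs without the SDK. Assumption: the SDK's codec hook uses its own payload type.
type Payload struct {
	Metadata map[string][]byte `json:"metadata"`
	Data     []byte            `json:"data"`
}

const (
	metaEncoding      = "encoding"
	metaKeyID         = "encryption-key-id"
	encodingEncrypted = "binary/encrypted"
)

// EncryptionCodec seals payloads with AES-GCM inside the Worker and opens them on the way
// back. Keys never leave the process; Temporal Cloud receives only ciphertext and a key id.
type EncryptionCodec struct {
	activeKeyID string
	aeads       map[string]cipher.AEAD // key id -> AEAD; retired ids stay so old histories still decrypt
}

func NewEncryptionCodec(activeKeyID string, keys map[string][]byte) (*EncryptionCodec, error) {
	c := &EncryptionCodec{activeKeyID: activeKeyID, aeads: map[string]cipher.AEAD{}}
	for id, k := range keys {
		block, err := aes.NewCipher(k) // accepts 16-, 24- or 32-byte keys
		if err != nil {
			return nil, fmt.Errorf("key %q: %w", id, err)
		}
		c.aeads[id], _ = cipher.NewGCM(block) // cannot fail: AES blocks are always 16 bytes
	}
	if _, ok := c.aeads[activeKeyID]; !ok {
		return nil, fmt.Errorf("active key %q not in key set", activeKeyID)
	}
	return c, nil
}

// Encode runs just before a payload leaves the Worker. The whole payload is serialized
// first, so even the clear-text encoding name ("json/plain") is hidden from the service.
func (c *EncryptionCodec) Encode(p Payload) (Payload, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return Payload{}, err
	}
	gcm := c.aeads[c.activeKeyID]
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Payload{}, err
	}
	// Nonce is prepended; the key id is bound as associated data, so relabelling fails auth.
	ct := gcm.Seal(nonce, nonce, plain, []byte(c.activeKeyID))
	return Payload{Metadata: map[string][]byte{
		metaEncoding: []byte(encodingEncrypted), metaKeyID: []byte(c.activeKeyID),
	}, Data: ct}, nil
}

// Decode runs after a payload arrives from Temporal Cloud. Payloads this codec did not
// write pass through untouched; tampered, truncated or unknown-key ciphertext is rejected.
func (c *EncryptionCodec) Decode(p Payload) (Payload, error) {
	if string(p.Metadata[metaEncoding]) != encodingEncrypted {
		return p, nil // not ours (e.g. written before the codec was enabled)
	}
	keyID := string(p.Metadata[metaKeyID])
	gcm, ok := c.aeads[keyID]
	if !ok {
		return Payload{}, fmt.Errorf("no key for id %q", keyID)
	}
	ns := gcm.NonceSize()
	if len(p.Data) < ns {
		return Payload{}, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, p.Data[:ns], p.Data[ns:], []byte(keyID))
	if err != nil {
		return Payload{}, fmt.Errorf("payload rejected: %w", err)
	}
	var orig Payload
	err = json.Unmarshal(plain, &orig)
	return orig, err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key; a real Worker loads it from a KMS or secret store
	codec, _ := NewEncryptionCodec("key-2024-01", map[string][]byte{"key-2024-01": key})
	in := Payload{Metadata: map[string][]byte{metaEncoding: []byte("json/plain")}, Data: []byte(`{"card":"4111111111111111"}`)} // constructed sample
	enc, _ := codec.Encode(in)
	fmt.Printf("stored by Temporal Cloud: encoding=%s key=%s data=%x...\n", enc.Metadata[metaEncoding], enc.Metadata[metaKeyID], enc.Data[:8])
	dec, _ := codec.Decode(enc)
	fmt.Printf("seen again inside the Worker: %s\n", dec.Data)
}
```

Because the key id travels in payload metadata and the codec keeps a map of every key it has ever used, switching the active key does not break replay of Workflows whose histories were encrypted under the old one; an old id should only be dropped from the map once no Workflow history still references it. The pass-through branch in `Decode` is what makes it safe to enable the codec on a namespace that already holds unencrypted history.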
How is Temporal Cloud different from a system that runs my code or stores all my business data?
Short Answer: Temporal Cloud coordinates your executions and stores their histories; your code and secrets stay in your environment, not inside Temporal.
Expanded Explanation:
Many orchestration platforms blur the line between “control plane” and “data plane” by running user code or requiring direct database access. Temporal Cloud separates these concerns. Your Workers execute your Workflows and Activities, connect outbound to Temporal Cloud, and keep code, credentials, and databases behind your firewall. Temporal Cloud persists the Durable Execution state machine (event histories, timers, retries) and delivers tasks to Workers via task queues.
This separation is important for security reviews. Temporal is a coordination service, not a place where you ship code or centralize your business data. You control what fields are sent as payloads, how they’re encrypted, and where your sensitive datasets live. Temporal Cloud never needs shell access, database credentials, or the ability to inspect your clear-text business records to keep workflows running.
Comparison Snapshot:
- Option A: Temporal Cloud (Durable Execution control plane)
  Stores Workflow histories and metadata, never runs user code, and can be used with ciphertext-only payloads.
- Option B: Generic “run your code” platform
  Executes user code in vendor infrastructure and often needs direct access to data stores or secrets.
- Best for: Teams that want durable, debuggable workflows while keeping code and sensitive data within their own environment and security perimeter.
What security and compliance documents are available for procurement and risk review?
Short Answer: Temporal provides security documentation, data protection terms, and additional compliance artifacts under appropriate agreements as part of procurement.
Expanded Explanation:
Security and procurement teams need more than marketing claims. Temporal maintains formal security documentation describing how Temporal Cloud is secured by design, our encryption posture, and our operational controls. For regulated regions, data transfers rely on mechanisms like European Commission–approved Standard Contractual Clauses and UK ICO-approved International Data Transfer Addendums when personal data is involved.
You can also request details on data handling, access controls, and incident response, along with contractual commitments around data protection. Some documentation is available publicly (for example, via temporal.io/security), while more detailed materials can be shared under NDA during a vendor security review.
What You Need:
- A security or procurement point of contact who can engage with Temporal’s team and, if needed, sign NDAs.
- A list of your organization’s standard security and compliance questions (e.g., vendor risk questionnaire, DPA requirements) to align with Temporal’s documentation set.
How should my team evaluate Temporal Cloud security as part of a formal procurement checklist?
Short Answer: Treat Temporal Cloud as a security-reviewed control plane: confirm what data you send, validate encryption and data transfer mechanisms, and review Temporal’s security posture and contractual terms.
Expanded Explanation:
When you use Temporal Cloud, you’re not outsourcing your core data stores; you’re outsourcing Durable Execution. A good procurement checklist reflects that architecture. Start by mapping which Workflows will run on Temporal, what payloads they send, and where sensitive data lives. Confirm that all connections are outbound-only from your environment and that you never need to open inbound firewall ports.
Then align Temporal’s security posture with your internal standards: encryption in transit and at rest, options for application-level encryption, data residency needs, and cross-border data transfer protections (such as SCCs and UK Addendums for European personal data). Finally, verify operational practices—authentication, access controls, and how you’ll request additional documentation or raise questions over time. The goal is simple: gain durable reliability guarantees without weakening your existing security perimeter.
Why It Matters:
- Reduced blast radius: Keeping code and sensitive data in your environment minimizes exposure while still getting Durable Execution from Temporal Cloud.
- Faster approvals: Clear architecture boundaries, strong encryption, and formal data transfer and protection commitments make vendor risk review more straightforward.
Quick Recap
Temporal Cloud is a secure, Durable Execution control plane: it stores Workflow event histories and metadata, not your code or clear-text secrets, and all data is encrypted in transit and at rest. You can further encrypt payloads with your own keys so Temporal never sees sensitive data. For procurement, your checklist should verify what data you send, how it’s encrypted, how connections stay outbound-only, and how Temporal’s security and data transfer commitments align with your internal standards—and you can request the appropriate security and compliance documents to complete that review.