# Sherpa RPA ## **Data Collection** Sherpa RPA does not collect any personal user data and does not store it in its database unless explicitly specified by the developed robot's script. The solution supports centralized collection and storage of logs, allowing for real-time monitoring of system activity. Actions are recorded in local log files or sent to Sherpa Orchestrator if it has been connected to Sherpa Robot. Logs include authentication data, robot operations, configuration changes, and any other actions performed in the system. This facilitates the auditing process and timely detection of anomalies. ## **Data Protection** All components of the solution use the **AES-256** encryption algorithm to protect confidential data, which is a modern and reliable standard for ensuring data security. A robust hash algorithm **SHA256** is used for signing installation packages. All data transmission is carried out over secure channels using the **TLS 1.3** protocol, which provides a high level of protection against interception and attacks. The solution also supports compatibility with **SSL3, TLS 1.1, TLS 1.2, and TLS 1.3** protocols to ensure maximum flexibility when integrating with various systems. To ensure secure data exchange between system accounts, robots can operate under separate, isolated accounts with minimal privileges. This eliminates the need to grant administrative rights, significantly reducing the risk of system compromise in the event of a successful attack on one of the accounts. The security of third-party service authentication is ensured by the user's computer and service providers. Authentication data for third-party services is not transmitted to Sherpa RPA servers and is not stored there. ## **Authentication and Authorization** When using the solution in conjunction with Sherpa Orchestrator, advanced authentication and authorization mechanisms are applied on the server, preventing unauthorized access. These mechanisms include support for integration with **LDAP/OpenID** and other modern access control methods. ## **Vulnerability Remediation** Upon discovering a vulnerability in any of our solutions, we, as the vendor, promptly notify users by sending emails to their addresses. These emails contain information about the issue, timelines for resolution, and instructions for necessary actions to address it. ## **Vulnerability Remediation Timelines** 1. Medium-level vulnerabilities are resolved within 30 calendar days. 2. High and critical-level vulnerabilities are resolved within 7 calendar days. ## **Operation in a Closed Network** All components of the platform can operate in a closed network without Internet access. Some individual cloud functions and third-party service features may require Internet access if you plan to use them. In such cases, Internet access should be provided only for the addresses of these services. To activate licenses for platform components in a closed network without Internet access, use [offline activation](https://docs.sherparpa.ru/sherpa-robot-i-sherpa-assistant/registraciya-licenzii/avtonomnaya-aktivaciya), which involves exchanging a request code and a response code with Sherpa RPA Technical Support. You can send the request code and receive the response code at . You can also provide the platform components access to the Sherpa licensing server located at , port 443. This will allow for automatic activation of Sherpa RPA licenses and the use of features such as Smart Assistant and requests to neural networks **OpenAI, Sber GigaChat, YandexGPT, Groq, Claude.** ## **Backup of the Solution (Sherpa Designer + Sherpa Robot)** To ensure backup of all solution data, it is recommended to add the following path to your backup program: C:\Users\User\AppData\Roaming\Sherpa RPA Data\\. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sherparpa.ru/en/bezopasnost/sherpa-rpa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.