Table of Contents

Arduino Cloud - Shared responsibility model

Security and Resiliency are a common goal between Arduino and the user of Arduino Cloud services. In order to ensure the highest level of confidentiality, integrity and availability, Arduino operates under a Shared Responsibility model, which identifies the distinct responsibilities of Arduino and the user, as explained in the following sections. It’s fundamental that users of Arduino Cloud services understand and perform their part in managing access, data, configuration, compliance.

Shared responsibility for Security

In the shared responsibility model for security, the service provider and the user collaborate to ensure the confidentiality and integrity of the data handled by the SaaS service. The service provider is responsible to provide a service that is secure against cyberthreat while the users play a critical role in following security best practices to preserve the confidentiality and integrity of their data. In this model:

Arduino is responsible for the security of the cloud services and the confidentiality of sensitive data. We are committed to regularly monitor and update our services, applications, and infrastructure. Our security posture is aligned with Cybersecurity industry best practices such as ISO27001. We work to ensure the best possible security posture via a number of best practices that all employee in Arduino follow some examples are:

  • We limit as much as possible the level of access that Arduino employees have on customers data.
  • Security and privacy training are conducted regularly to ensure the highest possible level of awareness to Arduino employees.
  • Regular penetration and vulnerability security tests are performed to our infrastructure and services to assess that security practices in place are working as intended.

Users are responsible for the security of their account, personal access credentials, and for the information they decide to store in the cloud. Arduino recommends to pay particular attention to the following best practices:

  • Strong authentication: taking advantage of strong authentication can significantly help to improve the security of your Arduino account. Options offered by Arduino Cloud are:
    • Two-step verification: a second step to verify your identity during login adds an extra layer of protection to your account. Once enabled, you will be asked to provide your regular password and a digit code when logging in. It will be your responsibility to make sure that all relevant data to enter your account when two-step verification is enabled are properly backed up.
    • Social login: managing multiple accounts with multiple passwords might become problematic, which is why you can choose to login to your Arduino account using a social login that you already own. Via social login you can authenticate to your Arduino account by using your favorite social account without sharing any sensitive login information with Arduino.
  • Confidentiality: users should make sure to not incidentally disclose personal information as part of the content they upload (for example when sharing a project or a sketch). While Arduino can protect confidentiality of information that is recognized as such, it can’t protect against information accidentally disclosed by users inside user-created content.

Shared responsibility for Resiliency

In the shared responsibility model for resiliency, the service provider and the user collaborate to ensure the service's high availability and disaster recovery. The provider is responsible for the underlying infrastructure, redundancy, and data center operations, while the user plays a critical role in data management, access controls, and service configuration. By working together, both parties contribute to the overall resiliency and continuity of the SaaS service, providing a reliable and robust experience. In this model:

Arduino as provider is responsible for:

  • Ensuring availability of Arduino Cloud service endpoints with the required Service Level Objective (SLO) during normal operations. SLO is defined in terms of uptime percentage in a month
  • Ensuring backups for user data stored in Arduino Cloud, and taking proper measures to ensure that our Recovery Time Objective (RTO) and Recovery Point Objective (RPO) goals are achieved in case of more impactful events (Disaster Recovery situations)

Arduino Cloud service is operated using Amazon Web Services (AWS) as infrastructure provider; from an availability standpoint, Arduino Cloud is using a single AWS Region and multiple Availability Zones (multiple datacenters) within that Region. Hence, Arduino Cloud is resilient to an event impacting one or more AWS Availability Zones (data centers) as long as at least one Availability Zone (datacenter) in the selected AWS Region is available.

In case a third-party application is involved to provide the service (such as AWS or the Authentication service provided by Okta/Auth0), it’s Arduino’s responsibility to ensure that the third party is providing adequate availability and resiliency when selecting the third party and reviewing the service characteristics.

In the event of an incident, Arduino will make any commercially reasonable effort to restore the service according to the availability goals, and to involve third parties as needed in case of problems in underlying services.

For information related to current Service Level, Incidents or recovery procedures in progress, users can refer to https://status.arduino.cc.

When it comes to User responsibilities, it is important to clarify that, in terms of resiliency, Arduino’s responsibility is directed toward availability and resiliency of the Arduino Cloud service itself. The purpose for Arduino to execute backups is exclusively to ensure resiliency of the service with its current user data. Arduino is not responsible for data intentionally or unintentionally deleted by users by requesting a delete operation (for example, deleting a Sketch or a Thing or any other configuration or user data). Arduino will not provide access to previous backups in order to allow the user to restore data that have been intentionally or unintentionally deleted. Arduino will not provide a service to restore the configuration or data content of the system at a past point in time.

Certain parts of Arduino Cloud, and in particular IoT services, are offering data retention for historical data. For example data collected by IoT devices are preserved for 1 day, 30 days, or a few years, according to the specific plan selected by the user (data retention specifications available at https://cloud.arduino.cc/plans); data retention only refers to data collected from IoT devices, which are preserved at least for the amount of time indicated in the plan specification (or longer if needed for technical reasons). Arduino Cloud will preserve the current Thing configuration or Sketch content. Past versions of the same, intentionally deleted by users, will not be preserved.

As a consequence, if the user has a need of preserving data for backup purposes, it is a Customer responsibility to create an external historical data backup. Configuration data or Sketches can be extracted by the Customer either via the User Interface or using APIs exposed by Arduino Cloud; the Customer can then save extracted data in external data storage systems to keep a permanent copy of the data in Arduino Cloud.

Limited warranty Statement

1. Warranties

1.1 Scope of Warranty

Arduino warrants that its products will conform to the Specifications. The warranty period is one (1) year from the date of sale for products purchased outside the EU and two (2) years from the date of sale for products purchased within the EU.

Arduino is not liable for defects caused by:

  • Neglect, misuse, or mistreatment by the Customer, including improper installation or testing.
  • Any products altered or modified by the Customer.
  • Defects resulting from the Customer’s design, specifications, or instructions.

Testing and quality control techniques are used to the extent Arduino deems necessary.

1.2 Remedy for Non-Conformity

If any Arduino product fails to conform to the warranty, Arduino’s sole liability is to replace such products. This liability is limited to products determined by Arduino not to conform to the warranty. Arduino will be given a reasonable time to provide replacements. Replaced products will be warranted for a new, full warranty period.

1.3 Disclaimer of Other Warranties

THIS LIMITED WARRANTY IS THE END-USER’S SOLE AND EXCLUSIVE REMEDY AGAINST ARDUINO WHERE PERMITTED BY LAW AND SUBJECT TO SECTION (3). EXCEPT AS SET FORTH ABOVE, PRODUCTS ARE PROVIDED “AS IS” AND “WITH ALL FAULTS”. ARDUINO DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, REGARDING PRODUCTS, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1.4 Customer Responsibilities and Technical Advice

The Customer agrees to test any systems that include Arduino products and the functionality of those products within such systems prior to use. Arduino may provide technical, applications, or design advice, quality characterization, reliability data, or other services. The Customer acknowledges that providing these services does not expand or alter Arduino’s warranties as set forth above, and no additional obligations or liabilities will arise from Arduino providing such services.

1.5 Safety-Critical Applications

Arduino products and services are not authorized for use in safety-critical applications where failure would reasonably be expected to cause severe personal injury or death. Safety-critical applications include, but are not limited to:

  • Medical and/or life support devices and systems.
  • Equipment or systems for the operation of nuclear facilities and weapons systems.

Arduino products and services are neither designed nor intended for use in healthcare, military, or aerospace applications or environments, nor for automotive applications or the automotive environment. The Customer acknowledges that any such use is solely at the Customer’s risk, and the Customer is solely responsible for compliance with all legal and regulatory requirements in connection with such use.

The Customer acknowledges and agrees that they are solely responsible for compliance with all legal, regulatory, and safety-related requirements concerning the products and any use of Arduino products in the Customer’s applications, notwithstanding any applications-related information or support that may be provided by Arduino.

2. Consequential Damages Waiver

In no event shall Arduino be liable to the Customer or any third parties for any special, collateral, indirect, punitive, incidental, consequential, or exemplary damages in connection with or arising out of the products provided hereunder, regardless of whether Arduino has been advised of the possibility of such damages. This section will survive the termination of the warranty period.

3. Changes to Specifications

Arduino may make changes to specifications and product descriptions at any time, without notice. The Customer must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined.” Arduino reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. Product information on the Website or Materials is subject to change without notice. Do not finalize a design with this information.

4. Statutory Laws

(i) Some countries, regions, states, or provinces do not allow the exclusion or limitation of remedies or of incidental, punitive, or consequential damages, or the applicable time periods, so the above limitations or exclusions may not apply.

(ii) Except to the extent lawfully permitted, this limited warranty does not exclude, restrict, or modify statutory rights applicable to where the product is sold but, rather, is in addition to these rights. European Consumer Centres provide information on EU-wide consumer laws as well as consumer laws for specific countries: https://commission.europa.eu/live-work-travel-eu/consumer-rights-and-complaints/resolve-your-consumer-complaint/european-consumer-centres-network-ecc-net_en

Last revision November 26th, 2024
Follow us
Newsletter
company
About ArduinoDistributorsCareersContact us
solutions
ProfessionalEducationMakers
products
HardwareSoftwareArduino CloudIoT Remote AppShop
community
Project HubArduino LabDiscordForumYouTubeGitHub
news
Arduino DaysBlog
support
DocumentationHelp CenterAsk for Support
© 2025 Arduino
TrademarkWhistleblowingDigital Services ActTerms of ServicePrivacy PolicySecurityCookie Settings