Data security and privacy statement

Overview

All Jira add-ons provided by Bauer Information Technology are Atlassian Connect applications for JIRA. Currently four add-ons are provided:

  • Bauer User Story Map for Jira Cloud
  • Bauer Dependencies for Jira Cloud
  • Bauer Estimating for Jira Cloud
  • Bauer Issue Organizer for Jira Cloud
  • Bauer Corkboard for Jira Cloud


The Atlassian Connect architecture requires data communication between JIRA Cloud and the add-ons to be hosted on separate hardware. Bauer Information Technology is responsible for provisioning, monitoring, and managing the servers for the add-on’s applications. The add-ons are hosted with Heroku and all communication between your JIRA OnDemand instance and the add-on is made over HTTPS (encrypted with SSL). All servers are located in the USA. The remainder of the document describes security and privacy of 3rd party data stored within the add-on only and not Atlassian OnDemand.

Hosting, Data Storage and Backups

Bauer Information Technology has selected Heroku to host the application and Firebase to store all data for the add-ons. Heroku and Firebase were selected due to the high levels of support, quality of service, reliability and security standards they offer their customers.

Our platform at Heroku was designed and optimized to run all add-ons and has multiple levels of redundancy built in. The applications themselves run on front-end servers separate from those on which the data is stored.

The safety and security of your data is our top priority. Firebase requires SSL encryption with 2048-bit certificates for all data transfer and allows restricted reading and writing via granular access controls and custom authentication.

Only customer data required for the operation of the add-ons will be accessed from JIRA OnDemand and stored within the add-on’s databases. This data will be encrypted during transit between data centers and when it is removed from data centers for backup purposes. All data is replicated and backed up to multiple secure locations.

Facilities

Access to the Firebase data storage is limited to authorized personnel only, as verified by Firebase identity verification measures. Physical security measures include: on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.

Both our primary and our secondary data centers are located within the US.

People and Access

With the exception of the Database Administrator, no member of Bauer Information Technology staff maintains an account that can access your private data. This access is required for application health monitoring, or for performing system and application maintenance. Authentication to application servers is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Heroku. All our add-ons are designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data without explicit knowledge of that other customer’s login information. Customers are responsible for maintaining the security of their own login information.

Data retention

When a customer’s subscription lapses or ends, we will retain the data for a period of 30 days, and then the data may be removed. Within this 30-day period customers can renew their subscription and continue to access their data.

Customers may request the permanent removal of data from our systems by writing to Bauer HELP CENTER. The removal of data will be conducted within 15 days and does not include removing data from any backup materials.

Effective as of November 12, 2014.