Atlassian - Security Statement

Atlassian Connect Apps

This section applies to our Apps based on the Atlassian Connect framework.

Apps

Embedders:

  • Microsoft Power BI

  • Microsoft Forms

  • Microsoft Stream

  • Google Forms

  • Google Docs

  • Google Sheets

  • Google Slides

  • Lottiefiles for Jira

  • Lottiefiles for Confluence

  • Instagram

  • TikTok

Context for Confluence

Icons for Confluence

Data

Overview

We never store any Confluence data on our servers. All settings are stored inside Confluence using the page metadata API.

Embedders, Icons for Confluence

Our embedders and the app Icons for Confluence process all data on the client side (in an end user's internet browser).

Context

When interacting with the Context app, your requests (and some Confluence data) may temporarily pass through our servers. All data passes through security protocols that guarantee secrecy and data encryption (HTTPS/TLS 1.2+). Under no circumstances do we store these data.

Audit and usage logs

When you use our apps, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bug resolution and customer support assistance.

Availability and system resilience

All our configuration data are subject to regular backups. We back up at least once a day. Our backups are securely stored and protected from unauthorized access.

Environments, deployments and code security

We use separate environments for development, staging and production operations. The environments use independent data and configurations. Every code modification is analyzed by automated tools that verify its formal correctness, absence of known vulnerabilities, and adherence to security best practices.

Access to production environments is tightly controlled. Deployment of the apps in the production environment is managed through automated systems (CI/CD) and subjected to approval by qualified engineers.

Data location

We process app requests in Europe. Any information available via the Atlassian REST API might be temporarily processed to render certain app functions.

Our apps can be hosted on:

  • Azure Cloud (North Europe region)

  • Hetzner Cloud (Germany region)

We use Cloudflare's CDN to serve, protect and optimize worldwide traffic. All data exchanged between the end user and our apps traverses Cloudflare's global network before being processed by our servers.

Data Security

Atlassian is responsible for protecting your data in the Atlassian Confluence Cloud. For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian Connect, refer to Atlassian's Connect FAQ.

Users can only access the apps using time-limited JSON web tokens generated by Atlassian specifically for the app.

Atlassian Forge Apps

This section applies to our Apps based on the Atlassian Forge framework.

Apps

Hubspot Connector for Jira

Hubspot Connector for Confluence

Embedders:

  • Microsoft Power Apps for Jira

  • Microsoft Power Apps for Confluence

Overview

Forge Apps are hosted and processed in the Atlassian Cloud environment. We never store any Confluence or Hubspot data.

For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian Forge security, refer to the Forge Security page: Security for Forge apps on the Atlassian Marketplace.

Privacy

Our apps are fully compliant with the European GDPR. You can read more in our Privacy Policy.

Managing Security Vulnerabilities

Our apps are subject to the Atlassian Security Programs and adhere to all requirements Atlassian imposes on incident management.

Our infrastructure is constantly monitored by the Atlassian Vulnerability Scanning Program EcoScanner.

Security vulnerabilities, when found, get the highest priority and are fixed based on the required Security Bug Fix Policy For Marketplace Apps.

Our apps undergo continuous security checks conducted by third-party expert researchers through our participation in the Marketplace Security Bug Bounty Program.

Development and Support Team

Our development and support team is located in Italy.

Suggestions, reports or requests for clarification are always welcome. For further details, please open a ticket.