Atlassian - Security Statement
- Alessandro Distefano
- Andrea Arcifa
Last statement update: 22 August 2023.
Atlassian Connect Apps
This section applies to our Apps based on the Atlassian Connect framework
Apps |
|---|
Embedders:
|
Context for Confluence |
Icons for Confluence |
Replio for Jira |
Data
Overview
We never store any Confluence data on our servers. All settings are stored inside Confluence using the page metadata API.
Embedders, Icons for Confluence
Our embedders and the app Icons for Confluence process all data on the client-side (in an end user's internet browser).
Replio, Context
When you interact with the apps named Replio and Context, your requests (and some Jira / Confluence data) may temporarily pass through our servers. All data passes through security protocols that guarantee secrecy and data encryption (HTTPS/TLS 1.2+). Under no circumstances do we store these data.
Audit and usage logs
When you use our apps, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bug resolution and customer support assistance.
Availability and system resilience
All our configuration data are subject to regular backups. We back up at least once a day. Our backups are securely stored and protected from unauthorised access.
We use separate environments for development and production operations. The environments use separate data and configurations. Access to production environments is tightly controlled. Deployment of the apps in the production environment is managed through automated systems (CI/CD).
Data location
We process app requests in Europe. Any information available via Atlassian REST API might be temporarily processed to render certain functions of the apps.
Our apps can be hosted on:
Azure Cloud (North Europe region)
Hetzner Cloud (Germany region)
We use Cloudflare's CDN network to serve, protect and optimize worldwide traffic. All data exchanged between the end-user and our apps traverses Cloudflare's global network before being processed by our servers.
Replio advanced features
Our Replio app uses some advanced features hosted by Google Cloud (Global region)
Data Security
Atlassian is responsible for protecting your data in the Atlassian Confluence Cloud. For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian Connect, refer to Atlassian's Connect FAQ.
Users can only access the apps using time-limited JSON web tokens generated by Atlassian specifically for the app.
Atlassian Forge Apps
This section applies to our Apps based on the Atlassian Forge framework
Apps |
|---|
Hubspot Connector for Jira |
Hubspot Connector for Confluence |
Embedders:
|
Overview
Forge Apps are hosted and processed in the Atlassian Cloud environment. We never store any Confluence or Hubspot data.
For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian forge security, refer to the Forge Security page: https://developer.atlassian.com/platform/forge/security/.
Privacy
Our apps are fully compliant with European GDPR. You can read more on our Privacy Policy.
Managing Security Vulnerabilities
Our apps are subject to the Atlassian Security Programs and adhere to all requirements Atlassian imposes on incident management.
Our infrastructure is constantly monitored by the Atlassian Vulnerability Scanning Program EcoScanner.
Security vulnerabilities, when found, get the highest priority and are fixed based on the required Security Bug Fix Policy For Marketplace Apps.
Development and Support Team
Our development and support team is located in Italy.
Suggestions, reports or requests for clarification are always welcome. For further details, please open a ticket.