...

We do have backups of our data, and our backend services are spread across different regions, with a DNS load balancer in place.

Do you have a retention procedure?

We shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data.

Client Workstations

Do you have operating system hardening and/or build standards for client systems?

...

Yes. We implement production-like controls on client systems.

Do you encrypt data at rest?

Data transferred to and from our services is encrypted with TLS 1.2. Our TLS implementation enforces strong ciphers and key lengths where the browser supports them.

All customer data stored in our environment is encrypted at the data-drive level.
Additionally, there is data we consider sensitive (e.g. access tokens) that not even our support staff should have access to. This data is additionally encrypted within the database with AES-256.

Which data are stored?

We only store content that has been explicitly created by our apps. The exact data stored varies with the features used.

User Authentication Tokens

We utilize OAuth2 to get access to Microsoft Graph and Jira Cloud.
OAuth1.0a is used to connect with Jira Data Center.

These tokens are considered extremely sensitive, and we apply additional protection and encryption measures to them.

User information (PII)

We store Jira and Microsoft user IDs, as well as their display name and email address.

Instance information

We store data for each instance, such as its URL, Jira version and app version. This data also includes an instance-specific secret.

Settings

The app has a lot of settings that are stored in our database.

App generated user content

Some of the stored data is business data that is not used immediately.
For example, templates defined in our app are stored in our database.

Technical security testing (3rd party penetration tests)

Does an independent third party regularly perform penetration tests on all systems used to provide services to customers?

...