We handle sensitive data and we know that! So we try to be as transparent as possible and add a lot of security policies to make sure you can trust us with your data.
Additionally, we only store the absolute minimum of data and always fetch data live. E.g. when connecting a calendar, we never save any calendar information anywhere.
All data are only used to provide the features of the app. We never share or sell your data.
Which data do we store?
Instance & Settings
Due to the nature of our app, we store some basic information about your Confluence instance. This includes baseUrl, instance Ids, names and patch level of the instance.
Additionally we store all settings made in our app.
User Data
We store OAuth2 Tokens for Microsoft 365 and Jira for all connected users.
Logs
We keep an audit-log with actions performed against Microsoft 365, Jira and Confluence.
Which data do we not store?
We do not crawl and store any business data - be it Jira, Confluence or Microsoft 365.
We do not store PII data for the user.
We do not store any passwords.
Where do we host?
Our app is hosted on AWS in Frankfurt and all data are stored there.
We plan to offer data residency into multiple regions until end of 2021.
How do we secure your data?
Data security can be tricky so we do have a variety of activities to ensure your data are as safe as possible.
ISO-27001 compliance
Since April 2023, yasoon is ISO 27001 compliant. Adherence to standards helps build trust and quickly gain approval from security teams. For more information see our Trust Center.
Encryption
All sensitive data are encrypted on database level with AES-256.
Bug Bounty program
We give incentives for security researchers to find and report security issues with us.
Trusted Hosting
AWS is the leader in Cloud infrastructure and complies to a lot of standards. Please see their website for more information. Also Jira and Confluence Cloud is hosted on AWS in the same data centers.
No 3rd parties
We do not work with agencies, ever changing personal or external parties that get access to your data.
However, we do use some external services listed here to provide our service: Contractors / Subprocessors. These providers may get a subset of your data.
Backups
There might be outages and unforeseeable events. We run rolling daily backups and test backups regularly to restore the service as quickly as possible.