/
Data security & storage

Data security & storage

We handle sensitive data and we know that! So we try to be as transparent as possible and add a lot of security policies to make sure you can trust us with your data.

Additionally, we only store the absolute minimum of data and always fetch data live. E.g. when connecting a calendar, we never save any calendar information anywhere.

All data are only used to provide the features of the app. We never share or sell your data.

 


Which data do we store?

  • Instance & Settings

Due to the nature of our app, we store some basic information about your Confluence instance. This includes baseUrl, instance Ids, names and patch level of the instance.

Additionally we store all settings made in our app.

  • User Data

We store OAuth2 Tokens for Microsoft 365 and Jira for all connected users.

  • Logs

We keep an audit-log with actions performed against Microsoft 365, Jira and Confluence.


Which data do we not store?

We do not crawl and store any business data - be it Jira, Confluence or Microsoft 365.

We do not store PII data for the user.

We do not store any passwords.


Where do we host?

Our app is hosted on AWS in Frankfurt and all data are stored there.

We plan to offer data residency into multiple regions until end of 2021.


How do we secure your data?

Data security can be tricky so we do have a variety of activities to ensure your data are as safe as possible.

 

  • ISO-27001 compliance
    Since April 2023, yasoon is ISO 27001 compliant. Adherence to standards helps build trust and quickly gain approval from security teams. For more information see our Trust Center.

 

  • SOC2 compliance

Since 2024 we can also provide a SOC 2 Typ 2 compliance, being certified in May 2024. To make sure we continuously comply to the standard, we obtain an external audit on an annual basis.

 

  • Encryption
    All sensitive data are encrypted on database level with AES-256.

 

  • Bug Bounty program
    We give incentives for security researchers to find and report security issues with us.

 

  • Trusted Hosting
    AWS is the leader in Cloud infrastructure and complies to a lot of standards. Please see their website for more information. Also Jira and Confluence Cloud is hosted on AWS in the same data centers.

 

  • No 3rd parties
    We do not work with agencies, ever changing personal or external parties that get access to your data.
    However, we do use some external services listed here to provide our service: Contractors / Subprocessors. These providers may get a subset of your data.

 

  • Backups
    There might be outages and unforeseeable events. We run rolling daily backups and test backups regularly to restore the service as quickly as possible.


Additional links:

Privacy Policy

DPA - Data Processing Addendum

 

 

 

Related pages