Security Policy
Overview
AssertThat provides Cloud Apps via Atlassian Connect framework on the Atlassian Marketplace and is committed to respecting the privacy of its customers and users. For more information please view our Privacy Policy. The security of personal information is very important to AssertThat. We employ resilient security measures, encompassing both technical and organisational security controls, to deter data loss, information leaks, or any unauthorised data processing operations.
Data Storage and Facilities
AssertThat uses Amazon Web Services (AWS) to host the Cloud Apps. AssertThat are responsible for provisioning, monitoring, and maintaining the AWS infrastructure required to support the AssertThat Cloud Apps.
AWS is responsible for the data centre that hosts the AssertThat Cloud Apps, more information can be found here.
AssertThat Cloud is hosted in the North Virginia region.
Certification
AWS holds responsibility for cloud security management and has obtained certifications from third-party organisations, demonstrating compliance with relevant laws and regulations. You can access the link here to view the certifications and compliance statements.
AssertThat participates in the Cloud Fortified Apps program security requirements, more details can be found here.
Stored JIRA Data
Unless specifically highlighted below AssertThat do not store our customer data which instead is stored in the Atlassian Cloud Product that the App applies to. The data stored in the Atlassian Cloud Product is covered by the Atlassian Cloud Policy which can be found here.
Exceptions
Account Data:
Our Cloud Apps stores data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.
Error Logs data:
Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service. Errors from JavaScript in our cloud applications are sent to rollbar.com to alert AssertThat support.
Jira data references:
AssertThat use the JIRA APIs to query data from selected projects in Jira to link defect reference by Jira issue key to AssertThat artefacts.
Encryption
We encrypt data at rest in our database industry standard encryption. Communication with AssertThat Cloud uses HTTPS with TLS.
People and Access
Only AssertThat Developers or Support Engineers have access to the AWS platform hosting our Cloud Apps. They only have access to the application data to perform system or application support purposes.
Only AssertThat Support Engineers have access to the production environment, and this access is strictly for the purpose of maintaining our cloud services and providing assistance to our customers.
Backups
Encrypted backups of the entire platform are created every 24 hours.
If you have any questions then please contact us at support@assertthat.com