Effective starting: August 28, 2023
This document lists important security and privacy-related questions that you might have when evaluating the Advanced Columns app on your Jira Cloud instance. Should you have any additional questions, please let us know at Advanced Columns Support.
Summary
What kind of data is downloaded from Jira by Advanced Columns?
Did you complete Atlassian's Security Self-Assessment Program?
What kind of data is downloaded from Jira by Advanced Columns?
In order for Advanced Columns to display data on the Advanced Columns Board and perform calculations, the following data may be downloaded:
Information about issues, such as issue field values and issue links;
Information about the user, such as name, avatar and ID;
Information about the user's permissions (groups, roles in projects) – this information is used to validate the user's access to issues, boards and filters.
Most of the data loaded from Jira is cached in memory, not stored in the Advanced Columns database. The expiration times of these caches vary from one minute to several hours, after which the data is removed and re-downloaded as needed.
What kind of data is stored by Advanced Columns?
We do not store data on the Advanced Columns servers. (colocar pequena descrição explanando que os dados são armazenados no Forge DB)
What kind of data is collected by Advanced Columns support?
(Colocar pequena descrição dos dados coletados para ação do suporte. Ex.: Email, instance URL, Site URL, provas que auxiliem na resolução, descrição dos problemas)
Where are the servers located?
All the servers are running on AWS, U.S. East region (Ohio).
How is the data encrypted?
We use TLS to protect information while in transit across the Internet and inside the cluster.
We use AWS EBS encrypted disks to store data.
Who can get access to the data?
Only the Easysecrets on-call system engineers can access the production environment. Each employee of Easysecrets has signed a strict confidentiality and non-disclosure agreement.
How does Easysecrets audit access to the data?
In order to access the database, one needs to request temporary credentials. All such requests are logged and reviewed.
We are also working on an advanced audit process and data access mechanism, which will include:
Logging all data-related operations.
Automatic detection of unusual activity.
An approval workflow for getting access to the data.
How does Easysecrets adhere to information security standards? Do you have any compliance certifications?
We do not hold any compliance certifications at the moment; however, we plan to obtain certification later this or next year.
Advanced Columns has been diligently built with security, privacy and informational security as a highest priority. We have completed and passed Atlassian's Security Self-Assessment Program and also participate in their Bug Bounty program.
What is your data privacy policy?
Please see the Privacy Policy published on our website.
Did you complete Atlassian's Security Self-Assessment Program?
Yes, we completed and passed the Atlassian Security Self-Assessment Program.
0 Comments