Introduction

This document covers the security aspects of apps created by HeroCoders for Atlassian Cloud products which are available now or in the future.

It is important to understand that Atlassian Cloud apps are separate web services which are hosted by their vendors. This is a consequence of the architecture of Atlassian Cloud products.

It means that the service and its data are maintained by the vendors. Please visit our Privacy Policy document to understand what data is transferred and stored on our servers.

OUR SECURITY, BRIEFLY STATED

One of our most important concerns is the protection and reliability of customer data.

We use Transport Layer Security (TLS 1.2+) for all transmitted data. TLS is the successor to Secure Sockets Layer (SSL) and is superior to SSL in many ways, most importantly in terms of security.

We enforce 2FA (two-factor authentication) in all our systems.

All data provided by customers are hosted by trusted data centers.

All data are encrypted both in-transit and at-rest.

Data protection

The security of your data is extremely important to us.

  1. We encrypt all network transmissions using Transport Layer Security (TLS 1.2+) technology, superior to SSL.
  2. We safeguard our services against web attacks such as SQL injections, XSS or XSRF.
  3. We regularly back up your data to help prevent data loss and aid you in data recovery.
  4. We perform regular peer code reviews and security audits to minimize security risks.
  5. We host data in secure, audited data centers provided by MongoDB and Heroku, located in the US.
  6. We enforce 2FA (two-factor authentication) in all our systems.
  7. All paid apps provided by HeroCoders and available in Atlassian Marketplace participate in the BugBounty program, which allows third-party security engineers to test our apps for security holes. Such programs are widely considered one of the most powerful post-production tools to help detect vulnerabilities in applications and services.
  8. Only a commercially reasonable subset of employees has access to customers’ data.
  9. We undergo annual penetration tests of our apps. The audit is performed by an external company.
  10. We are a party to the Atlassian Marketplace Partner Agreement and the Atlassian Developer Terms, which impose several security requirements, as described in Atlassian's Security requirements for cloud apps.

We use the Atlassian Connect framework created and maintained by Atlassian to integrate our apps with Atlassian Cloud products. This provides an additional layer of security and separates our apps from sensitive data stored on the Atlassian side (such as passwords and payment details).

Overall, we employ all commercially reasonable safeguards (physical, organizational and technical) to preserve the integrity and security of your data, once it is received and stored.

We do not keep your data for any longer than is necessary. While we retain this data, we protect it within commercially acceptable means so as to prevent any loss or theft, as well as any unauthorized access, disclosure, copying, use or modification.

That said, we advise that no method of electronic transmission or storage is 100% secure, and we cannot ensure or warrant the absolute security of any information you transmit to us or store with our apps.

SECURITY-RELATED TECHNOLOGICAL AND ORGANIZATIONAL MEASURES (TOMs)

Please visit our dedicated TOMs page for more information. We organized it with EU GDPR compliance in mind, in order to assist you in assessing our services pursuant to Article 28 of the GDPR.

APP SPECIFIC INFORMATION

Issue Checklist

Data storage

  1. We host all data provided by customers on MongoDB (N. Virginia us-east-1 AWS region).
  2. Our apps (running services) use the Heroku platform by Salesforce.
  3. All data transmission is encrypted with Transport Layer Security (TLS 1.2+) technology.
  4. Data are encrypted both in-transit and at-rest.

Backups

  1. Data backups are created on a daily and weekly basis.
  2. Daily data backups are available for eight subsequent days.
  3. Weekly data backups are triggered on Saturday and stored for eight subsequent weeks.

Clockwork

Data storage

  1. We host all data provided by customers on Heroku PostgreSQL.
  2. Our apps (running services) use the Heroku platform by Salesforce.
  3. All data transmission is encrypted with Transport Layer Security (TLS 1.2+) technology.
  4. Data are encrypted both in-transit and at-rest.

Backups

  1. Data backups are created on a daily basis.
  2. Daily data backups are available for four subsequent days.

Changes to our Security Statement

If we make changes to our Security Statement, we will post the amendments on this page to keep you up-to-date on what information has changed. Changes to this Security Statement are effective from the date they are posted on this page.

Questions

If you have any questions or concerns regarding security, please send us an email message to support@herocoders.com. We will do our very best to address your questions and resolve your concerns.