Security and Trust

Below, we have compiled an overview of everything concerning the security of our Atlassian Confluence and Jira apps.

Software Development Lifecycle (SDLC)

• Use of Developer Security Platforms.
  Automatic static code analysis scans to identify patterns of insecure code.
  Periodic scan for vulnerabilities in third-party dependencies.
• Peer review in code reviews required.
• Security awareness training.
• Secured source code repositories.
• Performance of dynamic testing prior to production release.
• Using Secure by Default frameworks to prevent common classes of vulnerability

Security Scanning

Ecoscanner for Cloud and Security Scanner for Data Center apps.

Vulnerability & Patch Management

For vulnerability management, we adhere to the Atlassian guidelines.

Incident Response

We follow the Atlassian incident management guidelines.

General / Various

• Multi-factor (2FA) authentication requirement.
• Password Policy.

Infrastructure, Data Residency, Database, Backups, and Encryption

For bitvoodoo Confluence Cloud Connect apps

• Global (hosted in AWS North Virginia, U.S.A.).
• EU (hosted in AWS Frankfurt, Germany) currently available for Viewtracker and Navitabs
• Data in transit is encrypted using Transport Layer Security (TLS 1.2).
• Data at rest is encrypted using industry-standard AES-256 encryption.
• Database
  Amazon Aurora PostgreSQL.
  Upgrade to the latest version regularly.
  2 Running instances for a failover.
  AWS Region: North Virginia: distributed to us-east-1a and us-east-1b.
  Backup Schedule: Daily
  Data Retention: Data for canceled accounts is retained up to max. 730 days. For an on-demand manual deletion, contact our support.

For bitvoodoo Cloud Forge apps

• Forge apps run on the Jira Cloud Data Residency.
• Our app Confidential Fields with Data Residency for Jira allows you to set other data center locations to store confidential data (on request).
• More details on data security, encryption and storage in our app “Confidential Fields with Data Residency for Jira”.

For bitvoodoo Data Center (on-premise) apps

• Self-hosted environment from the customer.
• No data transit to bitvoodoo ag.

Privacy Policy

• Our apps comply with GDPR, nFADP, CCPA, and other Data Protection regulations.
  The Viewtracker app “Data Privacy” lets admins control if the user identification is stored.
  All other bitvoodoo apps do not save any Personal Identifiable Information (PII).
• bitvoodoo ag’s Privacy Policy

CAIQ-Lite

Download CAIQ-Lite 3.1 for bitvoodoo

Privacy and Security of specific bitvoodoo apps

• Viewtracker Privacy and Security
• Navitabs Privacy and Security
• Confidential Fields Privacy and Security
• Translations Privacy and Security
• Advanced Panelboxes Privacy and Security

Additional Links

• Atlassian Marketplace App Trust
• Atlassian Cloud Security Program
• Atlassian Security Requirements for Cloud Apps
• Atlassian Security Scanning
• Atlassian Security Guidelines for Marketplace Partners
• Atlassian App security incident Management Guidelines
• Amazon Web Services: Security