bitvoodoo ag

Security and Trust

bitvoodoo was founded in 2008. Since the release of our first apps (then called plugins) for Confluence in 2010, we strive to continuously improve our processes and development. We honor the trust of our customers by putting safety and security at the forefront of our Jira and Confluence app development and all other processes.

We are an Atlassian Marketplace Gold Partner. All our cloud apps are Cloud Fortified and Cloud Security Participants. The Atlassian Security Scanners regularly examine and verify the security of our apps. Naturally, we are also participants in the Marketplace Bug Bounty Program.

Below, we have compiled an overview of everything concerning the security of our Atlassian Confluence and Jira apps.

Software Development Lifecycle (SDLC)

  • Use of Developer Security Platforms.
    Automatic static code analysis scans to identify patterns of insecure code.
    Periodic scan for vulnerabilities in third-party dependencies.
  • Peer review in code reviews required.
  • Security awareness training.
  • Secured source code repositories.
  • Performance of dynamic testing prior to production release.
  • Using Secure by Default frameworks to prevent common classes of vulnerability

Security Scanning

Ecoscanner for Cloud and Security Scanner for Data Center apps.

Vulnerability & Patch Management

For vulnerability management, we adhere to the Atlassian guidelines.

Incident Response

We follow the Atlassian incident management guidelines.

General / Various

  • Multi-factor (2FA) authentication requirement.
  • Password Policy.

Infrastructure, Data Residency, Database, Backups, and Encryption

For bitvoodoo Confluence Cloud Connect apps

  • Global (hosted in AWS North Virginia, U.S.A.).
  • EU (hosted in AWS Frankfurt, Germany) currently available for Viewtracker and Navitabs
  • Data in transit is encrypted using Transport Layer Security (TLS 1.2).
  • Data at rest is encrypted using industry-standard AES-256 encryption.
  • Database
    Amazon Aurora PostgreSQL.
    Upgrade to the latest version regularly.
    2 Running instances for a failover.
    AWS Region: North Virginia: distributed to us-east-1a and us-east-1b.
    Backup Schedule: Daily
    Data Retention: Data for canceled accounts is retained up to max. 730 days. For an on-demand manual deletion, contact our support.

For bitvoodoo Cloud Forge apps

  • Forge apps run on the Jira Cloud Data Residency.
  • Our app Confidential Fields with Data Residency for Jira allows you to set other data center locations to store confidential data (on request).
  • More details on data security, encryption and storage in our app “Confidential Fields with Data Residency for Jira”.

For bitvoodoo Data Center (on-premise) apps

  • Self-hosted environment from the customer.
  • No data transit to bitvoodoo ag.

Privacy Policy

  • Our apps comply with GDPR, nFADP, CCPA, and other Data Protection regulations.
    The Viewtracker app “Data Privacy” lets admins control if the user identification is stored.
    All other bitvoodoo apps do not save any Personal Identifiable Information (PII).
  • bitvoodoo ag’s Privacy Policy


Download CAIQ-Lite 3.1 for bitvoodoo

Privacy and Security of specific bitvoodoo apps

Additional Links

Atlassian Marketplace Gold Partner

Our Gold Marketplace Partner batch is proof of bitvoodoo's heavy investment in the Atlassian platform in alignment with their strategy.

Atlassian Cloud Fortified

The Cloud Fortified badge for all our Cloud apps indicates that they participate in all six of Atlassian's cloud app security programs.

Cloud Security Participation

Apps labeled with the Cloud Security Participant badge are part of a rigorous bug bounty program. We do active security research and fix security issues within the timeframe defined by Atlassian.

Bug Bounty Icon

Marketplace Bug Bounty Program

Atlassian is the first company to extend its bug bounty program into its ecosystem. For bitvoodoo, participating in this program is a must.

Eco Scanner Icon

Atlassian Eco Scanner

In addition to our internal scans, all bitvoodoo apps are scanned by Atlassian's Eco Scanners.

Visit the bitvoodoo apps in the Atlassian Marketplace

Try any of them 30 days for free