Colined has two types of Apps on the Atlassian Marketplace.
Pivot Report uses DigitalOcean to host its cloud hosted App components, saved data and log information. Vendor representatives are responsible for provisioning, monitoring and maintaining the Digital Ocean infrastructure required to support Cloud App.
Data is hosted in California, United States.
DigitalOcean security policy is described in corresponding document.
If you use firewall, you may need to add DigitalOcean server with Pivot Report components to your whitelist:
Account Data: data that is required for license validation of the customer instance, provided and generated by Atlassian. Each web request, from and to JIRA Cloud, is authenticated and authorized before access is allowed, and all communication is secured through SSL (https). For troubleshooting purposes this data is stored for a period up to 30 days.
Session Data: Source data for report generation (issue id, board id, etc.) is provided and generated by Atlassian from each customer’s use. This data is stored for product analytics and performance monitoring for a period up to 30 days.
Private Data: usernames and emails, summary and description of the issues, names of boards, filters and etc. This data is passed from Atlassian servers to user browser directly, is not passed to the App and therefore is neither collected, nor stored.
App Settings: permission and Portfolio support settings, user settings for columns and tables display are stored within JIRA instance on Atlassian servers.
Saved reports: settings for saved reports such as name, source and other configuration parameters. This data is saved on the App side until deleted by user.
Data is backed up once per day.
Only Cloud App Developers or Support Engineers have access to the DigitalOcean platform hosting our Cloud Apps. They only have access to the application data to perform system or application support purposes.
HTTPS and SSH are the only protocols available to our cloud platform. SSH access is limited to Cloud App Support Engineers. SSH access is restricted to known trusted internal networks with key-based authentication.
Our platform is micro-service based which is also layered into public and internal/private. Each one of these services is responsible for its own data and provides its own access controls. We will also ship and monitor logs from these micro-services which we alert if abnormal behaviour is detected.
Customers are responsible for maintaining the security of their own login information.
All Colined Apps follow Atlassians guidelines on the GDPR Complaince. More info can be found here:
Metrics: Application metrics are stored for analysis and reporting in order for us to monitor the application performance. This includes anonymized organization data but no individual data. Users can turn off data collection in the App settings, so there will be no information passed out of the JIRA instance.