Info: This part of the documentation relates to Cloud Native Synchronizer. If you use Jira Server and Azure DevOps Server / TFS, go to Data Policy for On premises Synchronizer.
We take data security very seriously, so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security-related questions, please let us know at Spartez Software Support Portal or support@spartez-software.com.
Google Cloud Platform
- Cloud SQL
- Datastore
- Google Cloud's operations suite
- BigQuery
- Cloud Storage
Amazon Web Services
- Simple Storage Service (S3)
Abbreviations used
- AWS - Amazon Web Services
- GCP - Google Cloud Platform
- JWT - JSON Web Token
- PAT - personal access token
- PII - personally identifiable information
- TLS - Transport Layer Security
- UGC - user generated content
- VPC - virtual private cloud
Data at rest
Synchronization profiles
Each customer has their own separate database that stores synchronization profiles in Cloud SQL.
...
They interoperate with other components of Cloud-Native Synchronizer architecture over a VPC.
Value mappings
One of the strategies to synchronize fields between Jira and Azure is to create a value mapping.
...
This is essential to achieve useful mappings for fields like users, components, area path, etc.
Connection credentials
In order to synchronize data between Jira and Azure, Synchronizer requires read / write access to one or both systems depending on synchronization direction.
...
After encryption, PATs are stored together with the synchronization profile in the Cloud SQL database.
Data from external systems
During synchronization, Synchronizer needs to store identities of synchronized object pairs.
...
- Work item Ids / issue Ids
- Comment Ids
- Attachment Ids
Customer-facing logs
These logs have been specifically designed to report problems that a customer can fix and refer to.
These logs are stored in Datastore and are guaranteed to be retained as long as the customer has a paying subscription to the product.
Platform logs
Platform logs, which include application, infrastructure, and audit logs, are stored using Google Cloud's operations suite with a maximum retention period of 30 days.
These logs are not visible to any customer and are needed for audit, maintenance, and troubleshooting.
PII and UGC in logs
Synchronizer does not add any PII to logs.
...
In such cases, Synchronizer will log this data "as is", without making any attempt to discover or remove sensitive data.
Metrics and Telemetry
Spartez reserves the right to collect, store, process, and analyze operational and business metrics and telemetry, without notifying the customer which specific metric is collected.
...
This data will be used to adjust our roadmap and to reach out to customers for feedback.
Backups
Backups contain the following data:
...
Backups are performed on a daily basis and stored using GCP Cloud Storage, and then transferred via secure copy protocol to an encrypted AWS S3 bucket with a retention period of 30 days.
Data in motion
Cloud-Native Synchronizer is a distributed application built on top of GCP cloud products. Components of the system interoperate securely, mostly via HTTPS inside Google Cloud.
...
- When reading information from Jira or Azure and writing data to Jira or Azure, the communication happens over HTTPS, using the authentication mechanism required by each system (mostly basic auth with a PAT).
- When a customer uses the UI in their user agent, the data is transferred over HTTPS, using JWT authentication via secure, HTTP-only cookies.
- When transferring backups from GCP to AWS, the AWS s3 cp utility is used, which communicates via TLS.
Data sub-processors
...