Data Policy

We take data security very seriously, so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security-related questions, please let us know at Appfire Support Portal or support@appfire.com.

This document contains information for TFS4JIRA server and TFS4JIRA cloud.

Connection credentials

TFS4JIRA Synchronizer needs to store credentials for Jira and TFS / Azure DevOps (formerly VSTS). Every password provided is stored in encrypted (AES) form (since version 7.1.2).

TFS4JIRA Server

In TFS4JIRA server, all data is stored/processed in client infrastructure. The only data sent outside is product analytics, which does not contain any personal data.

Private data stored / processed by TFS4JIRA components

| Component | Data processed/stored | Remarks |
|---|---|---|
| Jira Server App (YOUR INFRASTRUCTURE) | Change set metadata: author, comment etc. | Just processed, nothing is stored. No source code is processed. |
| Synchronizer (YOUR INFRASTRUCTURE) | TFS / Azure DevOps (formerly VSTS) username | Stored in DB for synchronisation profiles and check-in scanning connection configurations. |
| | Jira username | Stored in DB for synchronisation profiles. |
| | Mapping configurations provided by TFS4JIRA user | Any mapping configuration that can contain private data (e.g. user mappings, like names and emails) is stored in DB. |
| | Data synchronised by TFS4JIRA | Only processed. Any private data that is configured, by the TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira. |
| | Issue key and project key of synchronized pairs, along with errors that happen while synchronizing them | Stored in DB and processed. |
| | Change set/commit metadata: author, comment, file names etc. | Stored in DB and processed. |


TFS4JIRA Cloud

In our Jira Cloud solution, most of the data is processed/stored by the TFS4JIRA Synchronizer component, which runs in client infrastructure.
Only data needed for the Jira Cloud app is processed (proxied) through our infrastructure. See the table, diagram and description below for details.

Security rules

  • All external incoming or outgoing connections (or connections that go via a public network) are made using a secure protocol (for example: HTTPS, SSH).
    If a secure protocol cannot be used, the sensitive content must be protected by other means.
  • Every connection that crosses a network border (external or internal, physical, virtual or logical) is protected by at least one security measure (certificate, JWT token, etc.).
  • No security measure can be used to cross multiple network borders.
    For example, if we protect connections to Cloud external using Certificate A, then it cannot be used to protect connections to Cloud internal.
  • Application data is stored in a separate, dedicated database.

Logs

We collect various logs (access logs, application logs). The maximum retention period for TFS4JIRA Cloud logs is 14 days.

Change sets data additional encryption.

Because, in some scenarios, the Synchronizer may be deployed without HTTPS (against recommendations), we have implemented additional, custom data encryption for change sets. All this data is secured using the AES cipher with an encryption key provided in the TFS4JIRA plugin configuration.

TFS4JIRA cloud architecture overview


Private data stored / processed by TFS4JIRA components

| Component | Data processed/stored | Remarks |
|---|---|---|
| Jira Cloud app (ATLASSIAN INFRASTRUCTURE) | Change set metadata: author, comment etc. | Just processed, nothing is stored. No source code is processed. |
| Synchronizer (YOUR INFRASTRUCTURE) | TFS / Azure DevOps (formerly VSTS) username | For synchronisation profiles and check-in scanning connection configurations. |
| | Jira user email address | For synchronisation profiles. |
| | Mapping configurations provided by TFS4JIRA user | Any mapping configuration that can contain private data (e.g. user mappings). |
| | Data synchronised by TFS4JIRA | Any private data that is configured, by the TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira. |
| | Change set metadata: author, comment etc. | |

Additional info for TFS4JIRA cloud users:

| Component | Data processed/stored | Remarks |
|---|---|---|
| TFS4JIRA cloud backend (APPFIRE INFRASTRUCTURE) | Change set metadata: author, comment etc. | No data is stored; it is just passed (proxied) from the Synchronizer to the Jira Cloud user's browser. |

Data subprocessors for TFS4JIRA Cloud

TFS4JIRA Cloud uses the following services as subprocessors:

Other services for TFS4JIRA Cloud

TFS4JIRA SelfHosted - customers migrating from Jira Server to Jira Cloud

If you are migrating from Jira Server to Jira Cloud (check our documentation: TFS4JIRA - Server to Cloud Migration) using JCMA (Jira Cloud Migration Assistant), the SelfHosted Synchronizer will send your profiles to our Cloud infrastructure, which will keep your data for the migration period (or a maximum of 90 days since the migration started).

| Component | Data processed/stored | Remarks |
|---|---|---|
| Synchronizer (OUR INFRASTRUCTURE) | TFS / Azure DevOps (formerly VSTS) username | For synchronisation profiles. |
| | Jira user email address | For synchronisation profiles. |
| | Mapping configurations provided by TFS4JIRA user | Any mapping configuration that can contain private data (e.g. user mappings). |