Data Policy
- spg bot
- Roman Lutsiv [Appfire]
We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security related questions please let us know at Appfire Support Portal or support@appfire.com.
This document contains information for TFS4JIRA server and TFS4JIRA cloud
Connection credentials
TFS4JIRA Synchronizer needs to store credentials for JIRA and TFS / Azure DevOps (formerly VSTS) - every password provided is stored in an encrypted(AES) form. (since version 7.1.2)
TFS4JIRA Server
In TFS4JIRA server all data is stored/processed in client infrastructure. The only thing, that is sent outside, are product analytics that does not contain any personal data
Private data stored / processed by TFS4JIRA components
| Component | Data processed/stored | Remarks |
|---|---|---|
Jira Server App YOUR INFRASTRUCTURE | Change set metadata : author, comment etc. | Just processed, nothing is stored. No source code is processed. |
Synchronizer YOUR INFRASTRUCTURE | TFS / Azure DevOps (formerly VSTS) username | For synchronisation profiles and checkins scanning connection configurations is stored in DB |
| Jira username | For synchronisation profiles is stored in DB | |
| Mapping configurations provided by TFS4JIRA user. | Any mappings configuration, that can contain private data (e.g. users mappings - like names and emails) is stored in DB | |
| Data synchronised by TFS4JIRA | Only processed. Any private data that is configured, by TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira. | |
| Issue key and project key of synchronized pairs along with errors that happen while synchronizing them | Stored in DB and processed | |
| Change set/commit metadata : author, comment, file names etc. | Stored in DB and processed |
TFS4JIRA Cloud
In our Jira Cloud solution most of the data is processed/stored by TFS4JIRA Synchronizer component - which runs in client infrastructure.
Only data needed for Jira Cloud app are processed (proxied) trough our infrastructure. See below table, diagram and description for details.
Security rules
- All external incoming or outgoing connections (or connection that go via public network) are made using secure protocol (for example: https,ssh).
If secure protocol cannot be used the sensitive content must be protected by other means. - Every connection, that is crossing network border(external or internal, physical, virtual or logical), is protected by at least one security measure (certificate, jwt token, etc).
- No security measure can be used to cross multiple network borders.
For example, if we protect connections to Cloud external using Certificate A, then it cannot be used to protect connections to Cloud internal - Application data is stored in separate, dedicated database.
Logs
We collect various logs (access logs, application logs). Maximum retention period for TFS4JIRA Cloud logs is 14 days.
Change sets data additional encryption.
Due to possibility that, in some scenarios, the Synchronizer is deployed without https (against recommendations), we have implemented additional, custom, data encryption for change sets. All this data is secured using AES cipher with an encryption key provided in TFS4JIRA plugin configuration.
TFS4JIRA cloud architecture overview
Private data stored / processed by TFS4JIRA components
| Component | Data processed/stored | Remarks |
|---|---|---|
Jira Cloud app ATLASSIAN INFRASTRUCTURE | Change set metadata : author, comment etc. | Just processed, nothing is stored. No source code is processed. |
Synchronizer YOUR INFRASTRUCTURE | TFS / Azure DevOps (formerly VSTS) username | For synchronisation profiles and checkins scanning connection configurations. |
| Jira user email address | For synchronisation profiles. | |
| Mapping configurations provided by TFS4JIRA user. | Any mappings configuration, that can contain private data (e.g. users mappings) | |
| Data synchronised by TFS4JIRA | Any private data that is configured, by TFS4JIRA user, to be synchronised between TFS / Azure DevOps (formerly VSTS) and Jira. | |
| Change set metadata : author, comment etc. | ||
| Additional info for TFS4JIRA cloud users: | ||
TFS4JIRA cloud backend APPFIRE INFRASTRUCTURE | Change set metadata : author, comment etc. | No data is stored, it is just passed (proxied) from the Synchronizer to Jira Cloud user browser. |
Data subprocessors for TFS4JIRA Cloud
TFS4JIRA cloud is using the following services as a sub processors:
Amazon Web Services, Inc. - https://aws.amazon.com
Other services for TFS4JIRA Cloud
- Google Analytics by Google Inc. - https://analytics.google.com/
TFS4JIRA SelfHosted - customers migrating from Jira Server to Jira Cloud
If you are doing migration from Jira Server and Jira Cloud (check our documentation: TFS4JIRA - Server to Cloud Migration) using JCMA (Jira Cloud Migration Assistant) SelfHosted Synchronizer will send your profiles to our Cloud infrastructure that will keep your data for the migration period (or maximum of 90 days since migration started).
| Componet | Data processed/stored | Remarks |
|---|---|---|
Synchronizer OUR INFRASTRUCTURE | TFS / Azure DevOps (formerly VSTS) username | For synchronisation profiles. |
| Jira user email address | For synchronisation profiles. | |
| Mapping configurations provided by TFS4JIRA user. | Any mappings configuration, that can contain private data (e.g. users mappings) |