bitvoodoo ag
Security and Trust
bitvoodoo was founded in 2008. Since the release of our first apps (then called plugins) for Confluence in 2010, we have strived to continuously improve our processes and development. We honor the trust of our customers by putting safety and security at the forefront of our Jira and Confluence app development and all other processes.
We are an Atlassian Marketplace Gold Partner. All our cloud apps are Cloud Fortified and Cloud Security Participants. The Atlassian Security Scanners regularly examine and verify the security of our apps. Naturally, we are also participants in the Marketplace Bug Bounty Program.
Below, we have compiled an overview of everything concerning the security of our Atlassian Confluence and Jira apps.
Software Development Lifecycle (SDLC)
- Use of Developer Security Platforms.
  - Automatic static code analysis scans to identify patterns of insecure code.
  - Periodic scan for vulnerabilities in third-party dependencies.
- Peer review in code reviews required.
- Security awareness training.
- Secured source code repositories.
- Performance of dynamic testing prior to production release.
- Using Secure by Default frameworks to prevent common classes of vulnerability.
Security Scanning
Ecoscanner for Cloud and Security Scanner for Data Center apps.
Vulnerability & Patch Management
For vulnerability management, we adhere to the Atlassian guidelines.
Incident Response
We follow the Atlassian incident management guidelines.
General / Various
- Multi-factor (2FA) authentication requirement.
- Password Policy.
Infrastructure, Data Residency, Database, Backups, and Encryption
For bitvoodoo Confluence Cloud Connect apps
- Global (hosted in AWS North Virginia, U.S.A.).
- EU (hosted in AWS Frankfurt, Germany) currently available for Viewtracker and Navitabs.
- Data in transit is encrypted using Transport Layer Security (TLS 1.2).
- Data at rest is encrypted using industry-standard AES-256 encryption.
- Database
  - Amazon Aurora PostgreSQL.
  - Upgrade to the latest version regularly.
  - 2 running instances for a failover.
  - AWS Region: North Virginia: distributed to us-east-1a and us-east-1b.
- Backup Schedule: Daily
- Data Retention: Data for canceled accounts is retained up to max. 730 days. For an on-demand manual deletion, contact our support.
For bitvoodoo Cloud Forge apps
- Forge apps run on the Jira Cloud Data Residency.
- Our app Confidential Fields with Data Residency for Jira allows you to set other data center locations to store confidential data (on request).
- More details on data security, encryption and storage in our app “Confidential Fields with Data Residency for Jira”.
For bitvoodoo Data Center (on-premise) apps
- Self-hosted environment from the customer.
- No data transit to bitvoodoo ag.
Privacy Policy
- Our apps comply with GDPR, nFADP, CCPA, and other Data Protection regulations.
  - The Viewtracker app “Data Privacy” lets admins control whether the user identification is stored.
  - All other bitvoodoo apps do not save any Personally Identifiable Information (PII).
- bitvoodoo ag’s Privacy Policy
CAIQ-Lite
Download CAIQ-Lite 3.1 for bitvoodoo
Standard Contractual Clauses
When you use our cloud-hosted products, personal data may be processed by us. As we act as a contracted personal data processor, you may have to agree on the processing of personal data with us that complies with the relevant statutory requirements. Download the Standard Contractual Clauses (SCC) bitvoodoo-EN-SCC-EU_signed.pdf. We have pre-signed this agreement. When you have signed it, please email us a copy to dataprivacy@bitvoodoo.ch.
Privacy and Security of specific bitvoodoo apps
- Viewtracker Privacy and Security
- Navitabs Privacy and Security
- Confidential Fields Privacy and Security
- Translations Privacy and Security
- Advanced Panelboxes Privacy and Security
Additional Links
- Atlassian Marketplace App Trust
- Atlassian Cloud Security Program
- Atlassian Security Requirements for Cloud Apps
- Atlassian Security Scanning
- Atlassian Security Guidelines for Marketplace Partners
- Atlassian App security incident Management Guidelines
- Amazon Web Services: Security
Atlassian Marketplace Gold Partner
Our Gold Marketplace Partner badge is proof of bitvoodoo's heavy investment in the Atlassian platform in alignment with their strategy.
Atlassian Cloud Fortified
The Cloud Fortified badge for all our Cloud apps indicates that they participate in all six of Atlassian's cloud app security programs.
Cloud Security Participation
Apps labeled with the Cloud Security Participant badge are part of a rigorous bug bounty program. We do active security research and fix security issues within the timeframe defined by Atlassian.
Marketplace Bug Bounty Program
Atlassian is the first company to extend its bug bounty program into its ecosystem. For bitvoodoo, participating in this program is a must.
Atlassian Eco Scanner
In addition to our internal scans, all bitvoodoo apps are scanned by Atlassian's Eco Scanners.