bitvoodoo ag

Security and Trust

bitvoodoo was founded in 2008. Since the release of our first apps (then called plugins) for Confluence in 2010, we strive to continuously improve our processes and development. We honor the trust of our customers by putting safety and security at the forefront of our Jira and Confluence app development and all other processes.

We are an Atlassian Marketplace Gold Partner. All our cloud apps are Cloud Fortified and Cloud Security Participants. The Atlassian Security Scanners regularly examine and verify the security of our apps. Naturally, we are also participants in the Marketplace Bug Bounty Program.

Below, we have compiled an overview of everything concerning the security of our Atlassian Confluence and Jira apps.

Software Development Lifecycle (SDLC)

  • Use of Developer Security Platforms.
    Automatic static code analysis scans to identify patterns of insecure code.
    Periodic scan for vulnerabilities in third-party dependencies.
  • Peer review in code reviews required.
  • Security awareness training.
  • Secured source code repositories.
  • Performance of dynamic testing prior to production release.
  • Using Secure by Default frameworks to prevent common classes of vulnerability


Security Scanning

Ecoscanner for Cloud and Security Scanner for Data Center apps.


Vulnerability & Patch Management

For vulnerability management, we adhere to the Atlassian guidelines.


Incident Response

We follow the Atlassian incident management guidelines.


General / Various

  • Multi-factor (2FA) authentication requirement.
  • Password Policy.


Infrastructure, Data Residency, Database, Backups, and Encryption

For bitvoodoo Confluence Cloud Connect apps

  • Global (hosted in AWS North Virginia, U.S.A.).
  • EU (hosted in AWS Frankfurt, Germany) currently available for Viewtracker and Navitabs
  • Data in transit is encrypted using Transport Layer Security (TLS 1.2).
  • Data at rest is encrypted using industry-standard AES-256 encryption.
  • Database
    Amazon Aurora PostgreSQL.
    Upgrade to the latest version regularly.
    2 Running instances for a failover.
    AWS Region: North Virginia: distributed to us-east-1a and us-east-1b.
    Backup Schedule: Daily
    Data Retention: Data for canceled accounts is retained up to max. 730 days. For an on-demand manual deletion, contact our support.

For bitvoodoo Cloud Forge apps

  • Forge apps run on the Jira Cloud Data Residency.
  • Our app Confidential Fields with Data Residency for Jira allows you to set other data center locations to store confidential data (on request).
  • More details on data security, encryption and storage in our app “Confidential Fields with Data Residency for Jira”.

For bitvoodoo Data Center (on-premise) apps

  • Self-hosted environment from the customer.
  • No data transit to bitvoodoo ag.


Privacy Policy

  • Our apps comply with GDPR, nFADP, CCPA, and other Data Protection regulations.
    The Viewtracker app “Data Privacy” lets admins control if the user identification is stored.
    All other bitvoodoo apps do not save any Personal Identifiable Information (PII).
  • bitvoodoo ag’s Privacy Policy


CAIQ-Lite

Download CAIQ-Lite 3.1 for bitvoodoo


Standard Contractual Clauses

When you use our cloud-hosted products, personal data may be processed by us. As we act as a contracted personal data processor, you may have to agree on the processing of personal data with us that complies with the relevant statutory requirements. Download the Standard Contractual Clauses (SCC) bitvoodoo-EN-SCC-EU_signed.pdf. We have pre-signed this agreement. When you have signed it, please email us a copy to dataprivacy@bitvoodoo.ch.


Privacy and Security of specific bitvoodoo apps


Additional Links

Atlassian Marketplace Gold Partner

Our Gold Marketplace Partner batch is proof of bitvoodoo's heavy investment in the Atlassian platform in alignment with their strategy.

Atlassian Cloud Fortified

The Cloud Fortified badge for all our Cloud apps indicates that they participate in all six of Atlassian's cloud app security programs.

Cloud Security Participation

Apps labeled with the Cloud Security Participant badge are part of a rigorous bug bounty program. We do active security research and fix security issues within the timeframe defined by Atlassian.

Bug Bounty Icon

Marketplace Bug Bounty Program

Atlassian is the first company to extend its bug bounty program into its ecosystem. For bitvoodoo, participating in this program is a must.

Eco Scanner Icon

Atlassian Eco Scanner

In addition to our internal scans, all bitvoodoo apps are scanned by Atlassian's Eco Scanners.

Visit the bitvoodoo apps in the Atlassian Marketplace

Try any of them 30 days for free

Elevate your Confluence insights! rocket Explore our latest guide to learn how to track usage and measure success on your Confluence pages.