Security

Introduction

ImpEx is a Jira application designed to facilitate the import and export of Jira issues to and from Excel. It utilizes the Jira Cloud REST API, particularly the issue retrieval and modification APIs, ensuring seamless data management and workflow efficiency between Jira and Excel. The app respects user permissions, ensuring that no data is accessed or manipulated without proper authorization and user initiation.

Atlassian has certified our reliability and support as Cloud Fortified.

Data Processing, Storage, and Residency

The app processes and stores the following types of End-User Data: content posted, received, or shared in the app; email address; and Atlassian account ID. If an export is not downloaded or is canceled, the export file is retained for up to 60 days. Data is stored in a PostgreSQL database, pinned in either the EU-West or US-West region. The app supports data residency and stores End-User Data independently outside of Atlassian products and services in the following locations: United States of America and Ireland. More information on the app’s data residency policy can be found in the app’s product documentation or by contacting the respective app partner at support@moresimp.com.

Data Backup and Recovery

Our recovery plan involves restoring a database snapshot and rebuilding the AWS Beanstalk environment. This ensures data integrity is maintained and the application environment is promptly reinstated to its operational state. Full disk encryption is used for data stored outside of Atlassian.

Security Vulnerability Management

In case of a security breach, we notify our customers based on the severity of the issue. Severe security incidents are immediately communicated to customers, followed by workarounds until a hot-fix or new release is available. The app is a participant in the Marketplace Security Bug Bounty Program, where over 100 security researchers regularly scan ImpEx for vulnerabilities.

Incident Management and Communication

We notify users of errors, particularly rate limits from Atlassian APIs. Our response process for critical deployment issues involves a rollback strategy to minimize customer impact.

Performance Testing

We conduct performance testing at every release to assess the app’s ability to work at scale. This proactive approach ensures that ImpEx can handle increased loads and maintain optimal performance.

Data Transfer

All communication between the user's browser and the Jira site is encrypted using HTTPS, ensuring secure data transfer.

Issue Detection

Production issues are typically discovered through monitoring and support tickets, allowing us to address any problems promptly and efficiently. We ensure that all customer data and operational environments are secure and functional at all times.

Access to Customer Data

Customer data is transferred directly between Jira and the user’s browser. MORESIMP personnel do not have access to this data. Anonymized application logs ensure no identifiable customer information is exposed. Full disk encryption is used for data stored outside of Atlassian.

General Data Protection Regulation (GDPR)

MORESIMP is a 'data processor' under GDPR for the following types of End-User Data: Email address and Full name. The app uses a GDPR-approved mechanism, specifically Standard Contractual Clauses (SCCs), for transferring European Economic Area (EEA) residents' End-User Data outside of the EEA.

Subcontractors

Refer to our Privacy Policy for detailed information on subcontractors involved in our processes.