Security Policy

Introduction

Welcome to Solidini. This Security Policy outlines how we handle any information collected through the use of our Jira apps (add-ons). We are committed to maintaining the highest standards of security to protect our users and their data.


Scope

This policy applies to all employees, contractors, third-party service providers, and users who interact with our add-ons. It covers all aspects of data handling, system interactions, and additional security measures beyond Jira's authentication and access control.


Authentication and Access Control

Jira Authentication: All user authentication for the add-ons is handled by Atlassian Jira. Users must have valid Jira credentials to access our add-ons, and we rely on Jira's authentication protocols, including multi-factor authentication (MFA), if enabled.

Backends hosted on Atlassian services: For backends that are hosted on Atlassian services, we rely on the Atlassian Forge framework for handling the access controls.

Backends not hosted on Atlassian services: For backends not hosted on Atlassian services (external services), we rely on standard authentication measures and the implementation of the Atlassian Connect framework and best practices.


Data Protection

Data Classification: Data processed by the add-ons is classified according to its sensitivity and handled as such.

Data Handling and Storage: Data is handled as much as possible within the services of Atlassian. Whenever needed, it can be handled and stored outside of Atlassian services. Data is only handled and stored on a need-to-know basis.

Data Encryption: Any data transferred to external services is encrypted using industry-standard encryption protocols. Data stored within Atlassian Services follows Atlassian's encryption guidelines.


Incident Response

Incident Reporting: Any security incidents or vulnerabilities identified within the add-ons must be reported immediately to our security team at Solidini, which can be contacted via info@solidini.com.

Incident Management: We have an incident response plan in place to address security breaches or incidents specifically related to our add-on.


Employee Training and Awareness

Security Training: All employees and contractors involved in the development and maintenance of our add-ons are required to stay up to date with the latest security best practices.


Continuous Monitoring and Auditing

Monitoring: We continuously monitor our add-ons for suspicious activity, vulnerabilities, and potential threats, ensuring that the add-ons do not introduce any security risks.

Auditing: Regular audits of the add-ons' security controls, policies, and practices are conducted to ensure compliance with both our internal standards and Atlassian's security requirements.


Compliance and Legal Requirements

We comply with all applicable laws, regulations, and industry standards related to data security and protection as they apply to our add-ons. This includes compliance with Atlassian’s Marketplace Security Requirements.


Changes to This Security Policy

We may update our Security Policy from time to time. We will notify you of any changes by posting the new Security Policy on this page.

Effective Date: This Security Policy is effective as of 1 July 2024.

Last updated: This Security Policy was last updated 29 August 2024.


Contact Us

If you have any questions about this Security Policy, please contact us at: info@solidini.com

Thank you for using Solidini Slack add-ons. We are committed to protecting your privacy and ensuring the security of your data.