Security Practices
Security and privacy are integral to our products, infrastructure, and processes, ensuring your data is always safeguarded. Jira data remains on your site and never leaves it.
Last updated
Security and privacy are integral to our products, infrastructure, and processes, ensuring your data is always safeguarded. Jira data remains on your site and never leaves it.
Last updated
Released enables users to author release notes based on Jira data they have read access to. To do so, Released, running in the user's browser, invokes the Jira REST API directly or through gateway services operated by Released Software. The Jira REST API respects the signed-in user's, as well as the app's, permissions. No Jira data is ever loaded, created, updated, deleted, or otherwise manipulated in a way that has not been initiated by the user, or does not respect the permission model of the Jira site.
Release notes, roadmaps, and associated metadata are securely stored in a database located in the us-east-1 region of AWS. Access to the portals containing this data is controlled and restricted through the following security measures:
User verification: Access to the portals is granted only after successful This ensures that only authorized individuals can view or interact with the data.
Email domain restriction: Access can be further restricted by validating users’ email domains. This allows us to ensure that only users from trusted organizations or domains can access specific information.
Specific email address restrictions: Additionally, access can be limited to specific email addresses. This provides granular control over who can view or edit the data based on individual user identification.
Images included in restricted or public portals are stored in the us-east-2 region of AWS behind obfuscated URLs, designed to prevent unauthorized access. This ensures access is only granted to authorized users with the specific shared link, and preventing unauthorized access to the stored content.
User verification tokens grant access to view content in private portals for the next 7 days, valid only on the same device from which they were issued.
Data for publicly accessible portals is cached around the world in AWS S3, AWS Cloudfront and Cloudflare, for faster delivery to users.
Backup copies of data are stored in the us-east-1 region of AWS for up to 30 days.
The Released Software team does not require access to production infrastructure as build, test, and deployment processes are automated. This helps ensure the security and protection of sensitive information and reduces the risk of security breaches.
Restricted information in the database and in backups is only accessible by select employees when they are specifically needed to perform business duties.
Released Software leverages a Cloud identity provider and a Cloud access management platform to manage access to infrastructure and services. A strict password policy is enforced for team members, and all privileged level infrastructure and service provider access require 2FA tokens for an added layer of security.
We commit to the Accelerated Resolution Timeframes of and to our .