Security Practices
Security and privacy are integral to our products, infrastructure, and processes, ensuring your data is always safeguarded. Jira data remains on your site and never leaves it.
Accessing Jira data
Released enables users to author release notes based on Jira data they have read access to. To do so, Released, running in the user's browser, invokes the Jira REST API directly or through gateway services operated by Released Software. The Jira REST API respects the signed-in user's, as well as the app's, permissions. No Jira data is ever loaded, created, updated, deleted, or otherwise manipulated in a way that has not been initiated by the user, or does not respect the permission model of the Jira site.
Storage and access to portal data
Restricted portals
Release notes, roadmaps, and associated metadata are securely stored in a database located in the us-east-1 region of AWS. Access to the portals containing this data is controlled and restricted through the following security measures:
Portal access control
User verification: Access to the portals is granted only after successful user verification. This ensures that only authorized individuals can view or interact with the data.
Email domain restriction: Access can be further restricted by validating users’ email domains. This allows us to ensure that only users from trusted organizations or domains can access specific information.
Specific email address restrictions: Additionally, access can be limited to specific email addresses. This provides granular control over who can view or edit the data based on individual user identification.
Image storage
Images included in restricted or public portals are stored in the us-east-2 region of AWS behind obfuscated URLs, designed to prevent unauthorized access. This ensures access is only granted to authorized users with the specific shared link, and preventing unauthorized access to the stored content.
Token expiration
User verification tokens grant access to view content in private portals for the next 7 days, valid only on the same device from which they were issued.
Public portals
Data for publicly accessible portals is cached around the world in AWS S3, AWS Cloudfront and Cloudflare, for faster delivery to users.
Public portals provide general information about software releases, including new features, bug fixes, and performance improvements. Public portals are a great way to increase transparency and build trust with customers. To ensure the security and privacy of sensitive information, it is important to carefully consider the information included in public portals and avoid disclosing sensitive information that could be used by attackers.
Backups
Backup copies of data are stored in the us-east-1 region of AWS for up to 30 days.
Infrastructure Access
The Released Software team does not require access to production infrastructure as build, test, and deployment processes are automated. This helps ensure the security and protection of sensitive information and reduces the risk of security breaches.
Restricted information in the database and in backups is only accessible by select employees when they are specifically needed to perform business duties.
Identity and Access Management
Released Software leverages a Cloud identity provider and a Cloud access management platform to manage access to infrastructure and services. A strict password policy is enforced for team members, and all privileged level infrastructure and service provider access require 2FA tokens for an added layer of security.
Security vulnerabilities management
We commit to the Accelerated Resolution Timeframes of Atlassian's security bugfix policy and to our Service level agreement.
Last updated