This document describes our security policy. We cannot guarantee that no leak will ever happen, but we do our best to keep your data safe.
How we keep our communications secure
We do our best to use state-of-the-art techniques to keep the data safe:
- We use SSH keys to access our servers,
- We use HTTPS and SSL certificates to communicate among ourselves and with you,
- We don't transfer data in clear text over the network, except in situations where we display a warning, such as support requests sent by email.
How we keep the data secure
Once again, we do our best to use state-of-the-art techniques to keep the data safe:
- Our main servers are hosted by DigitalOcean, which has extremely good security procedures: https://www.digitalocean.com/legal/data-security/
- The hard drives of our personal computers are encrypted (for example with Apple's FileVault 2),
- Our personal backup drives are encrypted (for example with Apple's FileVault 2 / Time Machine).
Where we host your data
How we develop secure software
- We ensure that our plugins check Confluence and Jira permissions before exposing data to users,
- We use peer reviews to detect errors and security issues before releases,
- We use Git to manage changes, so that any code that goes to production is easily auditable.
How we ensure continued security
Whenever we become aware of a leak affecting the software we use (for example Heartbleed or Shellshock), we halt the service as an emergency measure and upgrade our systems.