Atlassian Security Statement

Overview

Zumvie is a Jira Cloud app to manage the one-on-one meeting between a manager and the direct report. The App is delivered through the Atlassian Connect API.

Data we gather and how we store it

When you install the app and want to make a team, Zumvie will lookup the display names of your Jira organization members when you search for them. A display name will only be stored in our database once you add the given display name to a team. The display name is the only information we will have access to and store from your organizations Jira users.

Any information stored by us, including the notes that you make inside the app, are stored on a DynamoDB database hosted on AWS in Europe (Frankfurt) Region. We plan to move to “globally distributed services” in the foreseeable future.

We use Point-in-Time Recovery for DynamoDB, ensuring that your data is backed up at all times for up to 35 days.

Privacy

Businesses store very sensitive information on our app, the notes from their one-on-one meetings, therefore we take privacy and security extremely seriously. 

Since we understand how much impact privacy and security can make in the process of adapting an app like ours, we take security and privacy extremely seriously and not just as a formality. We view it as a feature and a requirement in the value we provide to our customers.

  • We comply with the GDPR privacy policy.
  • You can find our privacy policy here: https://www.zumvie.com/privacy-policy/ 
  • We aim to be ISO 27001 compliant and we are planning to get fully ISO 27001 certified in 2022. You can email us at Bertrams@zumvie.com for more questions on this.
  • As of October 2021, our servers and databases are only accessible by one person – the CTO and co-founder of the company – no one else is given access.
  • We don’t look at the information stored with us and it’s only used for our app to function.
  • Since we use AWS, we are able to provide the most up-to-date security measures and privacy policies. 
  • To secure the notes from unauthorized access, user authorization and authentication is done using Atlassian Connect issued sharedKey on install events and jwt tokens issued at session times.
    • This means that to access user, team, organization data, access to a jwt token issued by Atlassian Connect is necessary.

For more questions

Please contact us at Bertrams@zumvie.com or book a time to speak with us here: https://meetings.hubspot.com/bertrams-lukstins/20-min-demo 

0Shares
0 0