Cloud Security Statement


Overview

VIEW26 Cloud Services (hereafter referred to as “VIEW26 Cloud”) is hosted and delivered by Packet Host, Inc. (packet.com) (hereafter referred to as “Cloud Provider”). While the Cloud Provider is responsible for the security of its actual data centres, VIEW26 GmbH is responsible for monitoring, managing and securing the VIEW26 Cloud.

Facilities

The Cloud Provider is responsible for the data centres that host the VIEW26 Cloud. For more information about security at those data centres, please go to the appropriate links below:
VIEW26 Cloud is currently hosted in Amsterdam (https://www.packet.com/locations/amsterdam).

Certification

The Cloud Provider is responsible for managing the security of the cloud. They have been certified by third-party organisations and are compliant with the applicable laws and regulations. The list of such certifications and compliance statements can be found in the links below:
Packet - https://www.packet.com/product-sheets/security-compliance/

View26 software products are subject to strict self-assessments to ensure compliance with security standards such as OWASP Application Security Verification Standard (ASVS) before public release.

Data Storage

In the VIEW26 Cloud, access to data at rest is cryptographically secured using industry-standard encryption.Additionally, all communications with the VIEW26 Cloud are protected with HTTPS.

Unless specifically highlighted below, VIEW26 do not store our customer data which instead is stored in the Atlassian Cloud Product that the add-on applies to.

Exceptions for all Cloud Apps

Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.

Analytics: We use FullStory to allow us to analyse behaviour patterns that ultimately lead to product improvements. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operational Data. VIEW26 only capture the page that is viewed and the referrer along with the tenant identifier.

Error Logs data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.

Metrics: Application metrics are sent to Datadog for analysis and reporting in order for us to monitor the applications performance.

Exceptions for Specific Cloud Apps


Charts & Reports for Jira ServiceDesk
We store and aggregate JIRA issue field values from your project to create Charts & Reports for Jira/ServiceDesk Cloud. However we do not store any JIRA Issue description, user profile pictures, attachments or comments in VIEW26 Cloud.

Page View Analytics
We store only the webhook events & user groups on VIEW26 Cloud. We do not store any of the Confluence Page or Space content on VIEW26 Cloud.

JSON Viewer for Confluence
We not transmit or store any confluence content on VIEW26 Cloud.

Backups

Customer data is backed up once per day and is encrypted.

People and Access

Within VIEW26, only a few members of the VIEW26 Operations Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to the VIEW26 Cloud.
Customers are responsible for the security of their own login information.

Security Incident Policy

Every care is taken by VIEW26 to protect personal data from incidents (either accidentally or deliberately) to avoid a data protection breach that could compromise security.For more information, please see our Security Incident Policy.

Bug Fix Policy


  Bug Severity   Example SLA
  Critical.   Direct access to application or database servers   Within 10 business days of being reported
  High.   Leakage of sensitive data through bugs / exploits in the application   Within 3 weeks of being reported
  Medium.   Leakage of non-sensitive data   Within 6 weeks of being reported

For more information, please see our Change Control & Release Management.

Privacy

VIEW26 understands the importance and is committed to ensure the privacy of your personally identifiable information. For more information, please see our Privacy Policy.