OverviewVIEW26 Cloud Services (hereafter referred to as “VIEW26 Cloud”) is hosted and delivered by Packet Host, Inc. (packet.com) (hereafter referred to as “Cloud Provider”). While the Cloud Provider is responsible for the security of its actual data centres, VIEW26 GmbH is responsible for monitoring, managing and securing the VIEW26 Cloud.
FacilitiesThe Cloud Provider is responsible for the data centres that host the VIEW26 Cloud. For more information about security at those data centres, please go to the appropriate links below:
VIEW26 Cloud is currently hosted in Amsterdam (https://www.packet.com/locations/amsterdam).
CertificationThe Cloud Provider is responsible for managing the security of the cloud. They have been certified by third-party organisations and are compliant with the applicable laws and regulations. The list of such certifications and compliance statements can be found in the links below:
Packet - https://www.packet.com/product-sheets/security-compliance/
View26 software products are subject to strict self-assessments to ensure compliance with security standards such as OWASP Application Security Verification Standard (ASVS) before public release.
Data StorageIn the VIEW26 Cloud, access to data at rest is cryptographically secured using industry-standard encryption.Additionally, all communications with the VIEW26 Cloud are protected with HTTPS.
Unless specifically highlighted below, VIEW26 do not store our customer data which instead is stored in the Atlassian Cloud Product that the add-on applies to.
Exceptions for all Cloud AppsAccount Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.
Analytics: We use FullStory to allow us to analyse behaviour patterns that ultimately lead to product improvements. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operational Data. VIEW26 only capture the page that is viewed and the referrer along with the tenant identifier.
Error Logs data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
Metrics: Application metrics are sent to Datadog for analysis and reporting in order for us to monitor the applications performance.
Exceptions for Specific Cloud Apps
Charts & Reports for Jira ServiceDeskWe store and aggregate JIRA issue field values from your project to create Charts & Reports for Jira/ServiceDesk Cloud. However we do not store any JIRA Issue description, user profile pictures, attachments or comments in VIEW26 Cloud.
Page View AnalyticsWe store only the webhook events & user groups on VIEW26 Cloud. We do not store any of the Confluence Page or Space content on VIEW26 Cloud.
JSON Viewer for ConfluenceWe not transmit or store any confluence content on VIEW26 Cloud.
BackupsCustomer data is backed up once per day and is encrypted.
People and AccessWithin VIEW26, only a few members of the VIEW26 Operations Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to the VIEW26 Cloud.
Customers are responsible for the security of their own login information.
Security Incident PolicyEvery care is taken by VIEW26 to protect personal data from incidents (either accidentally or deliberately) to avoid a data protection breach that could compromise security.For more information, please see our Security Incident Policy.
Bug Fix Policy
|Bug Severity||Example||SLA||Critical.||Direct access to application or database servers||Within 10 business days of being reported|
|High.||Leakage of sensitive data through bugs / exploits in the application||Within 3 weeks of being reported|
|Medium.||Leakage of non-sensitive data||Within 6 weeks of being reported|
For more information, please see our Change Control & Release Management.