Security and Data Statement
Behave Pro is an Atlassian Connect application for JIRA Cloud (formally OnDemand). The Atlassian Connect architecture requires data communication between JIRA Cloud and Behave Pro to be hosted on separate hardware.
Hindsight Software is responsible for provisioning, monitoring, and managing the servers for the Behave Pro application. Hindsight hosts Behave Pro with Amazon AWS and Rackspace, with all communication between JIRA Cloud and Behave Pro using HTTPS (HTTP encrypted with SSL).
The remainder of the document describes security and privacy of 3rd party data stored within Behave Pro only and not Atlassian OnDemand.
Data Storage and Facilities
Behave Pro is hosting uses both AWS and Rackspace to provide the best possible level of service. The main application servers are typically hosted with AWS and the Databases are hosted with Rackspace
Stored JIRA data
Behave Pro for JIRA Cloud uses JIRA issues REST APIs to query data from selected projects to provide the desired functionality. We will sometime cache this data for performance reasons but only the minimal amount of data will be stored. Behave Pro stores, in its own database, all Feature, Scenario and Test Reports information. Additional data will be store in JIRA to provide search functionality.
People and Access
Excepting the Database Administrator, no Hindsight members of staff maintain an account that can access your private data. This access is required for application health monitoring, or for performing system and application maintenance. Authentication to application servers is done via individual passphrase-protected public keys and two factor authentication, rather than passwords, and the servers only accept incoming SSH connections from Hindsight and internal data centre IP addresses.
Behave Pro is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer's data without explicit knowledge of that other customers' login information. Customers are responsible for maintaining the security of their own login information.
Behave Pro users are authenticated using Atlassian Connect JWT authentication and user passwords are never accessed or used. Behave Pro will get JIRA Cloud current user information which will be used for access control. Customers are responsible for maintaining the security of their own JIRA Cloud login information.
Behave Pro application database full backups are performed once per day and are retained for 30 days.
When a customers subscriptions lapses or ends we will retain the data for a period of 30 days and then the data may be be removed. Within this 30 days period customers can renew their subscription and continue to access the data.
Customers may request the permanent removal of data from our systems by writing to 12-14 Bridge Street, Leatherhead, Surrey, KT22 8BZ. The removal of data will be conducted within 15 days and does not include removing data from any backups materials.