This Security Policy outlines the measures and procedures put in place by Softwaretao to ensure the security of data processed by our Cloud apps as well as of the Cloud apps themselves. We take security seriously and are committed to protecting our Cloud apps from security threats.
If you become aware of any security incident, please report it to us via service@softwaretao.com promptly.
All of our Cloud apps take part in internal penetration testing sessions which are conducted by IT experts from Softwaretao who do not work on our Cloud apps on a day-to-day basis.
We adhere to the resolution timeframes of Atlassian’s security bug fix policy.
Our Cloud apps are written using Atlassian Forge.
In particular, they are hosted by Atlassian and keep all data in Atlassian’s infrastructure. Therefore, all data stored and processed by these apps remains in Atlassian’s infrastructure.
Our Cloud apps do not transmit any data to us or any other external third-party system.
You can find more information about this in our Privacy Policy.
As all data of our Cloud apps is stored within Atlassian’s infrastructure, we rely on Atlassian’s backup and recovery mechanisms.
We have laid down an internal security policy and implemented response protocols to respond to security incidents promptly and effectively.
All employees have committed themselves to confidentiality, in particular regarding personal data.
Knowledge of data protection regulations is maintained through yearly briefings.
All personalized accounts have individual passwords that must fulfill current recommendations for secure passwords.
Our workstations are individually assigned and not shared between employees.
Data on hard drives of all workstations is fully encrypted.
Security patches are installed regularly.
All employees are instructed to lock their workstations when they are away.
Access is granted by roles. We follow a “need to know” principle and only grant access to information if it is absolutely required for an employee to conduct their official duties.
When developing our Cloud apps, we strictly separate development, staging, and production environments.