Security Statement


Overview

Comalatech provides hosted services and delivers them through the Atlassian Cloud remote add-on framework (Atlassian Connect). We use other well-known and established third-party providers to deliver these services. We will always use appropriate administrative and technical security measures to protect your information.

Comalatech also provides downloadable products, which are installed on the client’s premises. Such products are hosted on the client’s premises and we do not have any access to any of the client’s content.

Data Storage

All content handled by our Cloud applications (issues, cards, approval status) is stored directly in the Atlassian Cloud system. At times, we may temporarily store (cache) some user and/or configuration information required for the operation of the applications.

People and Access

Our Cloud applications have limited access to customer data, and such access is programmatically negotiated during the add-on installation, following Atlassian Connect protocols, including public/private key based authentication. The applications access only the information required for providing our services, and only data generated by our applications may be temporarily retained by our applications, solely for caching and synchronisation purposes.

Our Cloud applications are designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data.

Our global support team have access to our Cloud applications and may access customer data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system.

This does not apply to our downloadable/server products.

Third Parties

To host its Cloud applications, Comalatech uses Heroku, a leading cloud platform as a service provider. Heroku’s security statement is available here.

For our Cloud applications’ configuration storage, Comalatech uses RedisGreen, a secure, realtime data storage platform. RedisGreen’s security statement is available here.

To send email notifications to users, Comalatech uses SparkPost, a leading email delivery platform. You can read their privacy policy here.

This does not apply to our downloadable/server products.

Privacy

Comalatech understands the importance of, and is committed to, ensuring the privacy of your personally identifiable information. For more information, please see our Privacy Policy.

Reporting Security Vulnerabilities

We are committed to ensuring the security and confidentiality of your information, and it's very important for us to hear about ways we can improve the security of our products.

If you discover a vulnerability, please disclose it to us through our Support System, or email security@comalatech.com.

To be able to assess the exploitability and impact of the issue, provide us with as much information as possible:

  • Provide the steps used to reproduce the issue, including any URLs or code involved.
  • HTTP request/response captures, or simply packet captures, are also very useful to us.

Please be aware that we are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you use our Support System to report them individually.