Security FAQ

Welcome to the Security FAQ section for Getint, particularly focusing on our SaaS deployment type, which is the default for Jira Cloud customers. Here, we aim to address common security concerns and standards expectations from our customers regarding data handling, encryption, access, and more.

Alternative Deployment Options: If our SaaS deployment does not fully meet your security requirements, consider our On-Premise (Self-Hosted) version. This option allows you to run the Getint platform entirely behind your firewall, integrated within your company's infrastructure for enhanced security control.

What type of data is transmitted, processed, generated, and/or stored by Getint?

Getint handles only essential data required for integration and synchronization as configured by the customer. This includes item data (issues, tasks, bugs, incidents), comments, user identifiers, encrypted connection details, and URLs to app instances under integration.

Does Getint handle sensitive (personal, health, financial, etc.) data?

Typically, no. Sensitive data is only processed if it is stored in the items being synchronized and explicitly selected for sync by the customer.

Is data encrypted in transit in Getint's SaaS deployment?

Yes. In our SaaS deployment most data transmission stays within our own infrastructure, which minimizes external exposure, and all external traffic uses HTTPS (SSL/TLS), so data is encrypted during transmission.

How is data encrypted at rest, and how are keys/secrets managed?

Keys and secrets are encrypted and stored securely on Getint-owned hosts. Detailed information on key management is restricted for security reasons.

Who has access to Personally Identifiable Information (PII) or Protected Health Information (PHI) within Getint?

Access to PII or PHI is strictly limited; under normal operation no one at Getint accesses it, and the only people with potential access are Getint company owners.

Is the code stored in source control, and are clear-text passwords present?

Our source code is managed in Git via Azure DevOps, and no clear-text passwords are stored in the code. Passwords required for application operation are supplied at runtime.

What is Getint's data backup strategy?

Getint implements daily backups, which are retained for 30 days, ensuring data resilience and recovery capabilities.

How does Getint ensure the sanitization of backup tapes, failed hard drives, and other storage media?

Our infrastructure relies on Linode, which manages all aspects of backups, hard drives, and VM utilization according to their SLA terms, ensuring proper data sanitization.

How is patching of the software/application implemented in Getint?

Patches go through unit tests, automated tests and UAT before being deployed to production. Production deployments use a blue/green deployment technique, which preserves backward compatibility while the new version is rolled out.

How does data get to the application/service, and can external users load it?

Data is provided by the customer through a secured account within the application. Each customer's data is stored in a separate database schema, with no external access for loading/reading data, except for backups.

Getint employs standard security techniques provided by the Spring framework for data integrity and input validation.

Is Getint participating in a Bug Bounty program?

Yes.

Where is data stored, and what encryption is used for data at rest and in transit?

Data is stored in the cloud (Linode). Data in transit is encrypted using HTTPS, and users are authenticated with JWT tokens. This answer does not cover the details of at-rest encryption.

Are strong password rules applied, and is multifactor authentication used?

Yes, strong password rules are enforced, with frequent rotation. Multifactor authentication is implemented for internal systems used by Getint company members.

How is the authorization of users managed, and is role-based access used?

Authorization for both the cloud-based and the on-premise solution is secured using JWT tokens. In addition, we have recently implemented a tiered access system for user accounts, so that users are granted different levels of access according to their tier.

Are secure code development practices used to develop the product?

Yes, Getint follows best practices including code reviews, segmented environments, UAT, and smoke testing, among others.

Does the vendor conduct pen-testing of the product and platform?

Yes, pen-testing is conducted before release on staging environments to ensure security.

Who is responsible for the maintenance and update of the software?

Getint company members are responsible for the ongoing maintenance and updates of the software.
