Welcome to the Security FAQ section for Getint, particularly focusing on our SaaS deployment type, which is the default for Jira Cloud customers. Here, we aim to address common security concerns and standards expectations from our customers regarding data handling, encryption, access, and more.
What type of data is transmitted, processed, generated, and/or stored by Getint?
Getint handles only essential data required for integration and synchronization as configured by the customer. This includes item data (issues, tasks, bugs, incidents), comments, user identifiers, encrypted connection details, and URLs to app instances under integration.
Does Getint handle sensitive (personal, health, financial, etc.) data?
Typically, no. Sensitive data is only processed if it is stored in the items being synchronized and explicitly selected for sync by the customer.
How is data encrypted at rest, and how are keys/secrets managed?
Keys and secrets are encrypted and stored securely on Getint-owned hosts. Detailed information on key management is restricted for security reasons.
Access to PII or PHI is strictly limited and not applicable under general circumstances, with only Getint company owners having potential access.
Is the code stored in source control, and are clear-text passwords present?
Our source code is managed in GIT via Azure DevOps, with no clear-text passwords stored in the code. Passwords required for application operation are provided at runtime.
What is Getint's data backup strategy?
Getint implements daily backups, which are retained for 30 days, ensuring data resilience and recovery capabilities.
Our infrastructure relies on AWS, which manages all aspects of backups, hard drives, and VM utilization according to their SLA terms, ensuring proper data sanitization.
How is patching of the software/application implemented in Getint?
Patching follows rigorous testing phases including unit, automatic, UAT testing, and deployment to production, ensuring backward compatibility with a blue/green deployment technique.
How does data get to the application/service, and can external users load it?
Data is provided by the customer through a secured account within the application. Each customer's data is stored in a separate database schema, with no external access for loading/reading data, except for backups.
Getint employs standard security techniques provided by the Spring framework for data integrity and input validation.
Is Getint participating in a Bug Bounty program?
Yes.
Are strong password rules applied, and is multifactor authentication used?
Yes, strong password rules are enforced, with frequent rotation. Multifactor authentication is implemented for internal systems used by Getint company members.
How is the authorization of users managed, and is role-based access used?
We establish direct connections to applications using authentication tokens. For example, when connecting to Jira as an admin, you typically provide the URL, email address, and token. The required credentials vary across platforms. Some use OAuth, others rely on username and password combinations. The specific method depends on what each application supports and what our customers prefer.
Are secure code development practices used to develop the product?
Yes, Getint follows best practices including code reviews, segmented environments, UAT, and smoke testing, among others.
Who is responsible for the maintenance and update of the software?
Getint company members are responsible for the ongoing maintenance and updates of the software.
