Hosted Services – Security Statement
Atlassian Hosted Services utilise some of the most advanced technology for Internet security available today. When you access our site using a modern web browser (Internet Explorer 5.5+, Mozilla FireFox, Google Chrome, Apple Safari, etc.), Secure Socket Layer (SSL) technology protects your information using both server authentication and encryption of data between your computer and the data centre, ensuring that your data in transit is safe, secure and available only to registered Users in your organisation.
In addition to SSL encryption, your account/data is protected by a mandatory user ID and password. Any password-protected areas of Atlassian Hosted Services can be accessed only with a valid password. Each password owner is responsible for keeping the password secret and confidential, and for notifying Atlassian if the password may have been stolen or might otherwise be misused. For more information, please see our Terms of Use.
Data storage
Our servers are securely located in a state-of-the-art facility that is managed by Contegix, a premier provider of managed hosting and advanced connectivity solutions. Atlassian has chosen Contegix because of their reputation for quality service and support as well as their unparalleled reputation for reliably hosting many of the Internet's most trafficked web systems.
Contegix facilities
Our Contegix data center is located in St. Louis, Missouri. All perimeter doors require both card key access and matching biometric palm or fingerprint scan. Visitors are only allowed escorted access to the data center and NOC on an as-needed basis. All internal doors leading to the data center also require an additional card scan for access. Within the data center, all customer equipment is located in locked cabinets or cages. For more on Contegix hosting, click here.
People and access
Contegix Support maintains an account on all hosted systems and applications for the purposes of maintenance and support. In some cases, select Atlassian support engineers may also have access to hosted applications and data. Only employees with the highest clearance have access to application data. Authentication is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Atlassian and Contegix IP addresses. Application data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer's data without explicit knowledge of their login information.
SAS70
In addition to regular audits, including 3rd party application penetration testing, the Contegix facilities have undergone a successful SAS70 Type II audit. SAS70 certifies that a service organisation has had an in-depth audit of its controls (including control objectives and control activities), which in case of Contegix relates to operational performance and security to safeguard customer data.
Backups
Application database backups are performed daily for all Atlassian Hosted services, and maintained for a minimum of seven days.
Privacy
Atlassian adheres to a strict policy for ensuring the privacy of your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information). We will never share your information with third parties outside Atlassian unless you give express permission for us to do so, or unless we are required to do so under applicable law. For more information, please see our Privacy Statement.
