Security statement

Overview

Connector for Salesforce & Jira displays Salesforce data in Jira pages.

Data

  • The Cloud version of Connector for Salesforce & Jira is the middleman that transfers data between Jira and Salesforce using an intermediary server owned by ServiceRocket at sfjc.servicerocket.io, hosted on AWS EC2 with Multi-AZ enabled. Every info is fetched on the go when needed.
  • Only Salesforce objects configured by the Jira administrator can be accessed by the Connector for Salesforce & Jira.
  • The data you pull from Salesforce into Jira is the only data that is accessed (data is processed but not written to disk) and transferred.
  • The data transmission between Jira Cloud, the intermediary server, and Salesforce are encrypted using HTTPS and JWT as user validation.

Access

  • We take great pains to securely authenticate your connection to Salesforce.
  • We never store any Salesforce data on our servers except for Salesforce object IDs.
  • We do not store your Salesforce credentials or your Jira credentials anywhere.

Privacy

  • Connector for Salesforce & Jira is fully compliant with GDPR as this has also been enforced by Atlassian for all Jira Cloud Apps.
  • ServiceRocket understands the importance of privacy. Please read our Privacy Policy for more information.

Frequently asked questions

  • Where are your development and support teams located?
    Our development and support teams are located in Palo Alto (United States), Kuala Lumpur (Malaysia), and Santiago (Chile).

  • Can I have more detailed information about data retention, internal procedures, risk management, etc.? Do you provide help in answering third-party vendor questionnaires?
    We can provide a detailed copy of our SOC 2 compliance report to fulfill these requests. However we can share this only upon signing of an NDA between ServiceRocket and your company.

  • Can you provide your data processing agreement/addendum?
    Yes, if you need a copy of our DPA, you may request it from our Support team and we can provide this upon signing of an NDA form.

Data

  • Unlike the Cloud version of Connector for Salesforce & Jira, the Server version DOES NOT use an intermediary server.
  • Only Salesforce objects configured by the Jira administrator can be accessed by the Connector for Salesforce & Jira.
  • The data you pull from Salesforce into Jira is the only data that is accessed (data is processed but not written to disk) and transferred.
  • Data in transit is automatically encrypted during transmission via Transport Layer Security (TLS) through the use of HTTPS. Data at rest is not encrypted, but sensitive data is masked. For more information, refer to this knowledge base article.

Access

  • We take great pains to securely authenticate your connection to Salesforce.
  • JWT (JSON Web Tokens) are used as an authentication mechanism to confirm the identity of a requestor before granting access to secured information.
  • We never store any Salesforce data on our servers.
  • We do not store your Salesforce credentials or your Jira credentials anywhere.

Privacy

  • ServiceRocket understands the importance of privacy. Please read our Privacy Policy for more information.

Frequently asked questions

  • Where are your development and support teams located?
    Our development and support teams are located in Palo Alto (United States), Kuala Lumpur (Malaysia), and Santiago (Chile).

  • Can I have more detailed information about data retention, internal procedures, risk management, etc.? Do you provide help in answering third-party vendor questionnaires?
    We can provide a detailed copy of our SOC 2 compliance report to fulfill these requests. However we can share this only upon signing of an NDA between ServiceRocket and your company.


  • Is your app GDPR compliant?
    Yes. The release of Jira 8.2 is introducing GDPR compliance for all Jira third-party apps. We are complying with Atlassian GDPR. We have also implemented GDPR compliance company-wide.


  • Can you provide your data processing agreement/addendum?
    Yes, if you need a copy of our DPA, you may request it from our Support team and we can provide this upon signing of an NDA form.