BigBrassBand markets two types of applications on the Atlassian Marketplace:
Self-hosted (Server and Data Center)
The following applies only to our Cloud products:
We host our Cloud applications at Amazon Web Services.
Customer data is separate – there's no "common" store of Git data.
Data is encrypted in transit and at rest (using Amazon Web Services EBS features for this).
We use AWS security tools to inspect and audit.
Only officers of BigBrassBand have access to customer data or can temporarily grant
access to customer data to staff for support/operations issues.
Retention of backups: 7 days that are also encrypted at rest.
If you cancel your subscription or trial without deleting data ahead of time,
then the data will persist for ~20 days before it is automatically reaped. That is
a buffer to let people have time to resubscribe without having to re-setup connections
(like a credit card expiration issue gone long).
If you delete the repository connections before ending trial or unsubscribing,
then they're removed from EBS immediately and then age out of the 7-day backup.
Communication of Security Advisories
When a critical severity security vulnerability in a BigBrassBand product is
discovered and resolved, BigBrassBand will inform customers through the following mechanisms:
When a fix for the vulnerability is available on the Atlassian Marketplace
– an email will be sent to all add-on watchers with "Security Update" in
the email subject line. To receive this email and new version announcements,
you must "Watch" the Git Integration for Jira" add-on via Jira Administration >
Manage add-ons > scroll to Git Integration for Jira. Customers
can also "Watch" from the Marketplace listing: https://marketplace.atlassian.com/plugins/com.xiplink.jira.git.jira_git_plugin/cloud/overview.