Security Statement
Overview
Togetha Software provides hosted Forge Apps for Atlassian Cloud Products. These Cloud Apps can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing. Our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.
Facilities
Togetha Software Forge apps are hosted by Atlassian on Atlassian Infrastructure, and Atlassian manages the security of that Infrastructure. Our applications do not currently store any user data separately from the Atlassian application, or on other infrastructure.
Forge is a platform that lets us build apps and integrations on top of Jira, Confluence, and Compass Cloud products. When we build a Forge app, Atlassian takes care of the infrastructure, including security considerations.
We also utilise Atlassian's Cloud for SaaS applications like Jira, Confluence, Compass and Bitbucket, which we use to build and support our Apps.
Certification
You can find Atlassian's Security Practices here.
Togetha Group is working to be certified as a Cloud Security Compliant vendor with Atlassian, with significant security program resourcing. You can learn more about Atlassian’s Marketplace Apps Trust programs.
People and Access
Within Togetha, a limited number of trusted and vetted team members have access to the production environment for the purposes of maintaining our cloud applications and assisting our customers. Additionally, we monitor all access to Togetha Group’s Cloud.
Customers are responsible for maintaining the security of their own login information.
Data Storage
Our Cloud Apps do not store Customer Data outside their corresponding Atlassian Cloud Product.
Togetha may store information about you as a client; please refer to our Privacy Policy for details.
Data Retention
Togetha Software builds solutions with Forge that use Atlassian’s Functions-As-A-Service (FaaS) model so that client data remains in client instances and does not need to be handled outside their cloud tenancy or system boundary. Client data that is handled by us for the purposes of delivering our services is described in our DPA schedule. Backup data can be stored for up to 3 years on AWS.
Backups
For our Cloud Apps, we recommend our clients familiarise themselves with Atlassian's Shared Responsibilities model for resilience, and work with them to find best-pattern approaches to backing up and managing their instance data within their own environments.
Togetha keeps multiple cloud backups of customer data related to sales and support for up to 3 years.
Security Incident Policy
Togetha Group takes every care to protect customer data from incidents (whether accidental or deliberate) in order to avoid a data protection breach that could compromise security. For more information, please contact us for our Security Incident Policy via support@togetha.software.
Bug Fix Policy
Bug Severity - Critical
SLA - Within 10 business days of being reported
Example - Direct access to application or database servers
Bug Severity - High
SLA - Within 3 weeks of being reported
Example - Leakage of sensitive data through bugs / exploits in the application
Bug Severity - Medium
SLA - Within 6 weeks of being reported
Example - Leakage of non-sensitive data
Privacy
Togetha Group understands the importance of ensuring the privacy of your personally identifiable information and of complying with privacy laws and regulations. For more information, please see our Privacy Policy.