Introduction
Welcome to Asinaria Security and Data Documentation. At Asinaria, we understand the importance of maintaining the highest standards of security and privacy for our users and partners. This document outlines our comprehensive approach to safeguarding all data,
Our commitment to security is embedded in our culture and drives the development and delivery of our products and services. We are dedicated to continuously improving our security posture to meet and exceed industry standards, ensuring that our users' and partners' data is handled with care and protection.
We recognize the trust you place in us when you use Asinaria and integrate it with other services. It is our highest priority to uphold that trust by implementing robust security measures at every level of our organization and application. We welcome any questions or feedback regarding our security practices and invite you to contact us at info@asinaria.com for further discussion.
Data Handling and Privacy
At Asinaria, we prioritize the privacy and security of our users' data. Our data handling and privacy practices are designed to comply with high standards of data protection regulations and to ensure the integrity and confidentiality of user data.
Data Collection Practices
Our approach to data collection is guided by the principles of necessity and transparency. We collect information that is essential to provide our services effectively and to enhance the user experience. Our application integrates with other services like ClickUp, Jira, Asana and others to offer users enhanced capabilities and a seamless experience across platforms. Below is an outline of the data we collect from some services and the purpose behind each:
Account Information: This includes names and email addresses. We use this information to create and manage user accounts, enable user customization of our app, and for communication purposes.
Usage Data: This encompasses data on how our services are accessed and used, such as user interface interaction data, preferences set by users within the app, and device and connection information. We analyze this data to improve our app’s performance and user interface.
Authentication Data: This includes OAuth Tokens or API tokens. We securely obtain and store this data as part of the integration setup. This data is used to authenticate our application’s requests on behalf of the user to access their account on other services, strictly according to the permissions granted by the user.
Integration Data from ClickUp
User-Controlled Data Storage:
We offer the capability to store all available data related to tasks and workspaces metadata, including details such as task descriptions, statuses, assignees, and due dates, as well as workspace names. Additionally, comments on tasks can also be stored if the user asks for it.
It is up to our users to select which tasks, workspaces, and comments they wish to store within our application.Tasks are stored once a user selects to integrate a selected list with Power BI. And Workspace data is stored in the Authentication flow.
Transient Use of Data:
While our application utilizes data from ClickUp's folders, spaces, and lists to facilitate navigation and organization within our app, we do not store this data. This information is used temporarily to enhance the user experience by providing structure and organization that mirrors the user's ClickUp environment, but it is not retained beyond the active session.
Integration Data from Jira
User-Controlled Data Storage:
We offer the capability to store data related to Jira issues, fields metadata, and statuses, including details such as issue descriptions, assignees, due dates, and priority levels. This ensures that our users have a detailed overview of each issue directly within our application. Users have the autonomy to select which issues and their associated details they wish to store by selecting the project they are willing to integrate with Power BI.
Transient Use of Data:
Although our application leverages data from Jira projects to facilitate organization and categorization of issues, this project-specific information is not stored permanently. The use of project data is transient, aimed at enhancing the user experience by providing structure and organization that mirrors the user's Jira setup. This information aids in navigating and managing issues across different projects within our app but is not retained beyond the active user session.
Data Storage and Retention Policies
Secure Data Storage
Our application employs security measures to ensure the secure storage of all data, including user information, integration data, and any other data collected through the use of our services. Here are key aspects of our data storage practices:
Encryption at Rest: Our application employs advanced encryption standards to secure all data at rest. We use industry-recognized encryption algorithms, ensuring that all sensitive and personal data stored within our databases is protected against unauthorized access.
Data Storage Locations: We use highly secure, compliant cloud storage services known for their robust security features and compliance with global data protection regulations. Our data centers are located in the US East (Ohio) region, offering fast and reliable access while adhering to jurisdictional privacy laws.
Access Control: Access to stored data is strictly controlled. Only authorized personnel with a legitimate need to access specific data for the purpose of performing their job duties are granted access.
Our data retention policies are designed to ensure that we only keep data for as long as necessary to fulfill the purposes for which it was collected, including to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary depending on the type of data:
Data Retention Policies
User Deletion Rights: We respect the user's right to manage their data. At any point, users can request the deletion of data they have previously chosen to store within our systems. Upon such a request, the data will be permanently deleted from our databases, ensuring no residual copies remain in our active or backup systems.
Persistent Data Storage: Data associated with a user's account, including data automatically stored based on the user's selection is retained in our systems to ensure a seamless and continuous user experience. This data remains stored and accessible until the user decides to delete their account.
Data Logging Practices
Selective Logging: All entries in our logs are made manually by our team, a practice that allows us to ensure that only relevant, non-sensitive information is recorded. This deliberate approach helps prevent the inadvertent logging of sensitive user information by automated processes
Use of Identifiers: Instead of logging sensitive information directly, our logs record identifiers (such as unique IDs) that correspond to data or transactions. This method allows us to trace actions or events back to specific data points without exposing any sensitive information in the logs themselves.
Restricted Access: Access to our logs is strictly limited to authorized personnel who require this information to perform their job responsibilities. This access is controlled through robust authentication and authorization mechanisms, ensuring that only those with a legitimate need can view the logs.
Encrypted Log Management: Our logs are managed through a highly secure, cloud-based logging infrastructure that employs encryption both at rest and in transit. This ensures that all log data, including manual entries and identifiers used for tracing, is protected against unauthorized access and interception.
Application Security Testing
We incorporate rigorous static application security testing (SAST) into our development process, affirming our dedication to building secure software.
Proactive Security Analysis: We scrutinize our codebase for potential security issues without executing the code. This method allows us to identify and address vulnerabilities early, significantly reducing the risk to our applications and effectively protecting user data.
Integration in Development Workflow: Our security analysis is fully integrated into our Continuous Integration/Continuous Deployment (CI/CD) pipeline. This integration ensures that every code commit is automatically scanned, maintaining a high standard of security with every update.
Customized Security Focus: Recognizing the unique challenges posed by our technology stack, our static analysis approach is specifically tailored to the nuances of our programming language. We configure the analysis to focus on vulnerabilities most relevant to our technologies, ensuring comprehensive coverage and efficient resource utilization.
Network Security
In our commitment to securing user data and maintaining privacy, we employ Transport Layer Security (TLS) protocols to safeguard all data in transit. This approach ensures that our network communications adhere to the high standards of security and integrity.
Website and Public APIs: All external communications with our website and public-facing APIs employ TLS 1.3. Ensuring that data exchanged between our clients and servers is securely encrypted and protected against interception or tampering.
Isolation and Security: Services not exposed to the public internet are hosted within a private network. This design ensures a high degree of isolation, significantly reducing the attack surface by making these services inaccessible from the external internet.
Secure External Connections: When connecting to external APIs and services, we ensure that these connections are made over HTTPS. By requiring HTTPS, we leverage TLS indirectly, as HTTPS is essentially HTTP over TLS. This practice ensures that the data transmitted to and from these external services is encrypted, safeguarding it against interception and unauthorized access.
Contact Us for Security Inquiries
We prioritize the security of your data and are committed to the highest standards of protection. If you have questions about our security measures or need to report a security concern, please reach out to our dedicated team at info@asinaria.com. We ensure confidentiality and treat all security communications with urgency and care. Our team is dedicated to responding quickly and working collaboratively to address any concerns, maintaining transparency throughout the process. Your insights are invaluable in helping us enhance our security posture and create a safer digital environment for all.
Asinaria
More