Security Statement

OVERVIEW

RefinedWiki provides hosted services delivered by well known and established third-party providers. RefinedWiki delivers these services through the Atlassian Cloud remote add-on framework Atlassian Connect. RefinedWiki will always use appropriate, administrative, and technical security measures to protect Personal information. While we take reasonable effort to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any passively-collected Personal Information you (the End User) choose to store in our SaaS Products (Cloud add-ons) are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.

RefinedWiki also provides Downloadable products (Server add-ons), which are installed in the End User’s premise. The End User is responsible for securing access to the data they store in the Server add-ons, RefinedWiki is not responsible for this. Furthermore, RefinedWiki does not have any access to any of the End User’s content in these Server add-ons.

DATA STORAGE

All content created by RefinedWiki’s Cloud add-ons are stored in our Cloud Storage Solution. All Images uploaded to RefinedWiki’s Cloud add-ons are stored in Atlassian Media API. At times, RefinedWiki may temporary store (cache) some configuration information required for the operation of the Cloud add-ons.

All data in our Cloud Storage Solution is backed up daily meaning that our Recovery Point Objective (RPO) is a maximum of 24 hours

This does not apply to our Server add-ons.

PEOPLE AND ACCESS

RefinedWiki’s Cloud add-ons have limited access to customer data and such access is programmatically negotiated during the add-on installation, following Atlassian Connect protocols, including public/private key based authentication. The Cloud add-ons only access the information required for providing our services. Only data generated by our Cloud add-ons may be temporarily retained by our Cloud add-ons for caching and synchronisation purposes only.

RefinedWiki’s Cloud add-ons are designed to allow add-on data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data.

RefinedWiki’s support team have access to RefinedWiki’s Cloud add-ons and may access customer data only for purposes of Cloud add-on health monitoring and performing system or Cloud add-on maintenance, and upon customer request via our support system. Within RefinedWiki, only authorized RefinedWiki employees have access to Cloud add-on data.

This does not apply to RefinedWiki’s Server add-ons.

THIRD PARTIES

RefinedWiki uses Heroku, a leading cloud platform, as a service provider for hosting its Cloud add-ons. Heroku’s security statement is available here.

This does not apply to RefinedWiki’s Server add-ons.

PRIVACY

RefinedWiki understands and is committed to the importance of ensuring the privacy of your personally identifiable information. For more information, please see RefinedWiki’s Privacy Policy.

REPORTING SECURITY VULNERABILITIES

RefinedWiki is committed to ensuring the security and confidentiality of your information, and it’s very important for us to hear about ways we can improve the security of our Cloud add-ons.

If you discover a vulnerability, please disclose it to us through RefinedWiki’s Support System, or email security@refinedwiki.com.
To be able to assess the exploitability and impact of the issue, provide us with as much information as possible:

  • Provide the steps used to reproduce the issue, including any URL’s or code involved
  • HTTP request / response captures, or simply packet captures are also very useful to us.

Please be aware that we are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you use our Support System to report them individually.