Security is one of our top priorities. All Refined apps for Atlassian cloud are Cloud Fortifiedand Refined adheres to Atlassian's security requirements for cloud applications.
Note that Refined does not store login credentials or any sensitive user data for Confluence on our servers.
We regularly test our products for security vulnerabilities via Bugcrowd's bug bounty program.
Cloud data storage practices
Refined Toolkit stores a limited amount of data outside of Atlassian Cloud. Please note that the information on this page is subject to change.
What we store
Layouts
Themes
What we don't store
Images. All images that are uploaded into the layouts and themes are stored in the Atlassian Media API. Please note that our image storage practices will change in March 2023: learn more.
Personally identifiable information (except for IP addresses that we store in our logs for two weeks).
Login credentials. We never store login credentials of users, and authentication happens through Atlassian.
Atlassian Content. Atlassian content is never cached and it is fetched on demand for the user requesting the data.
Where we store data
Refined Toolkit's data is hosted by Heroku in the US.
Who can access data
Access to Refined Toolkit's cloud infrastructure is restricted to Refined employees who require access to develop, maintain and troubleshoot issues within the product.
March 2023: An update to our data storage practices
From March 2023, newly and previously uploaded images in themes and layouts will be stored in Refined’s S3 region-specific bucket in Amazon Web Services (AWS). We already use AWS to serve static resources like default images, icons, etc.
There is no action required on your end. Images uploaded to Refined Toolkit themes and layouts will continue to work as expected.
You can check back on our change log to see exactly when these changes have been rolled out. If you have any additional questions, please don’t hesitate to reach out to our support team.