Security is one of our top priorities. All Refined apps for Atlassian cloud are Cloud Fortifiedand Refined adheres to Atlassian's security requirements for cloud applications.
Note that Refined does not store login credentials or any sensitive user data for Confluence on our servers.
We regularly test our products for security vulnerabilities via Bugcrowd's bug bounty program.
Security questionnaire: CAIQ lite
Due to the large number of customers, we are not able to answer customer specific security questionnaires. Instead we have answered the industry standard security questionnaire CAIQ Lite.
Download our answers:
Cloud data storage practices
Refined Toolkit stores a limited amount of data outside of Atlassian Cloud. Please note that the information on this page is subject to change.
What we store and where
Layouts, hosted by Heroku in the US.
Themes, hosted by Heroku in the US.
Images in layouts and themes, stored in Refined’s S3 region-specific bucket in Amazon Web Services (AWS).
What we don't store
Images in macros.
Personally identifiable information (except for IP addresses that we store in our logs for two weeks).
Login credentials. We never store login credentials of users, and authentication happens through Atlassian.
Atlassian Content. Atlassian content is never cached and it is fetched on demand for the user requesting the data.
Who can access data
Access to Refined Toolkit's cloud infrastructure is restricted to Refined employees who require access to develop, maintain and troubleshoot issues within the product.