# Security Practices

## API Keys and User Data <a href="#accessing-jira-data" id="accessing-jira-data"></a>

Admin Automation enables Atlassian admins to automate their user management tasks within [admin.atlassian.com](https://admin.atlassian.com). To do so, Admin Automation, uses the Atlassian Cloud Organization REST APIs directly or through gateway services operated by Smol Software. The Atlassian Cloud Organization  REST APIs require an API Key to function. This API Key, once provided to the Admin Automation app, is encrypted (256bit) and stored in a database in the us-west-2 or eu-west-1 regions of AWS.

## Backup and access to API Keys <a href="#storage-and-access-to-release-notes" id="storage-and-access-to-release-notes"></a>

Backup copies of data (including API Keys and automation rules) are taken daily and stored in the us-west-2 or eu-west-2 regions of AWS for up to 30 days.

API Keys are encrypted (256bit) and are not accessible by any employees.

## Infrastructure Access <a href="#infrastructure-access" id="infrastructure-access"></a>

The Smol Software team does not require access to production infrastructure as build, test, and deployment processes are automated. This helps ensure the security and protection of sensitive information and reduces the risk of security breaches.

## Identity and Access Management <a href="#identity-and-access-management" id="identity-and-access-management"></a>

Smol Software leverages a Cloud identity provider and a Cloud access management platform to manage access to infrastructure and services. A strict password policy is enforced for team members, and all privileged level infrastructure and service provider access require 2FA tokens for an added layer of security.

## Security vulnerabilities management <a href="#security-vulnerabilities-management" id="security-vulnerabilities-management"></a>

We commit to the Accelerated Resolution Timeframes of [Atlassian's security bugfix policy](https://www.atlassian.com/trust/security/bug-fix-policy) and to our [Service level agreement](https://docs.released.so/legal/service-level-agreement).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.smolsoftware.com/legal/security-and-privacy/security-practices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.