> For the complete documentation index, see [llms.txt](https://docs.smolsoftware.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.smolsoftware.com/legal/security-and-privacy/security-practices.md).

# Security Practices

## API Keys and User Data <a href="#accessing-jira-data" id="accessing-jira-data"></a>

Admin Automation enables Atlassian admins to automate their user management tasks within [admin.atlassian.com](https://admin.atlassian.com). To do so, Admin Automation, uses the Atlassian Cloud Organization REST APIs directly or through gateway services operated by Smol Software. The Atlassian Cloud Organization  REST APIs require an API Key to function. This API Key, once provided to the Admin Automation app, is encrypted (256bit) and stored in a database in the us-west-2 or eu-west-1 regions of AWS.

## Backup and access to API Keys <a href="#storage-and-access-to-release-notes" id="storage-and-access-to-release-notes"></a>

Backup copies of data (including API Keys and automation rules) are taken daily and stored in the us-west-2 or eu-west-2 regions of AWS for up to 30 days.

API Keys are encrypted (256bit) and are not accessible by any employees.

## Infrastructure Access <a href="#infrastructure-access" id="infrastructure-access"></a>

The Smol Software team does not require access to production infrastructure as build, test, and deployment processes are automated. This helps ensure the security and protection of sensitive information and reduces the risk of security breaches.

## Identity and Access Management <a href="#identity-and-access-management" id="identity-and-access-management"></a>

Smol Software leverages a Cloud identity provider and a Cloud access management platform to manage access to infrastructure and services. A strict password policy is enforced for team members, and all privileged level infrastructure and service provider access require 2FA tokens for an added layer of security.

## Security vulnerabilities management <a href="#security-vulnerabilities-management" id="security-vulnerabilities-management"></a>

We commit to the Accelerated Resolution Timeframes of [Atlassian's security bugfix policy](https://www.atlassian.com/trust/security/bug-fix-policy) and to our [Service level agreement](https://docs.released.so/legal/service-level-agreement).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.smolsoftware.com/legal/security-and-privacy/security-practices.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.