Security Practices

Security and privacy are integral to our products, infrastructure, and processes, ensuring your data is always safeguarded. Jira data remains on your site and never leaves it.

API Keys and User Data

Admin Automation enables Atlassian admins to automate their user management tasks within To do so, Admin Automation, uses the Atlassian Cloud Organization REST APIs directly or through gateway services operated by Smol Software. The Atlassian Cloud Organization REST APIs require an API Key to function. This API Key, once provided to the Admin Automation app, is encrypted (256bit) and stored in a database in the us-west-2 or eu-west-1 regions of AWS.

Backup and access to API Keys

Backup copies of data (including API Keys and automation rules) are taken daily and stored in the us-west-2 or eu-west-2 regions of AWS for up to 30 days.

API Keys are encrypted (256bit) and are not accessible by any employees.

Infrastructure Access

The Smol Software team does not require access to production infrastructure as build, test, and deployment processes are automated. This helps ensure the security and protection of sensitive information and reduces the risk of security breaches.

Identity and Access Management

Smol Software leverages a Cloud identity provider and a Cloud access management platform to manage access to infrastructure and services. A strict password policy is enforced for team members, and all privileged level infrastructure and service provider access require 2FA tokens for an added layer of security.

Security vulnerabilities management

We commit to the Accelerated Resolution Timeframes of Atlassian's security bugfix policy and to our Service level agreement.

Last updated