Security at Ticketize.it
Ticketize.it touches your Jira issues, so we treat security as a feature, not an afterthought. Here's exactly how your data is isolated, encrypted, and yours to take back at any time.
Tenant isolation at the database engine
Every query is scoped to your workspace via PostgreSQL Row-Level Security, enforced by the database engine rather than only in application code. The database role the application connects as cannot read another tenant's rows, so a future application bug that forgets a tenant filter cannot leak data across customers.
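To make the claim above concrete, here is an added example of a tenant-scoped Row-Level Security setup in PostgreSQL. It is written for this page and is not Ticketize.it's schema; the table, column, role and setting names (issues, workspace_id, app_rw, app.workspace_id) are assumptions. It also shows the two details a reviewer would check: the application role must not own the table (owners and superusers bypass RLS unless it is forced), and the tenant must be set per transaction so a pooled connection cannot carry one customer's scope into the next request.

```sql
-- Added example, not Ticketize.it's schema. Names are assumptions.
CREATE TABLE issues (
    id            bigserial PRIMARY KEY,
    workspace_id  uuid NOT NULL,
    jira_key      text NOT NULL,
    summary       text
);

-- The application connects as a dedicated role that does NOT own the table.
-- Table owners and superusers bypass RLS unless FORCE is set, so apply both.
CREATE ROLE app_rw LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON issues TO app_rw;

ALTER TABLE issues ENABLE ROW LEVEL SECURITY;
ALTER TABLE issues FORCE ROW LEVEL SECURITY;

-- Every statement is scoped by a per-transaction setting. If the setting is
-- absent, current_setting(..., true) returns NULL (or '' after a reset), and
-- NULLIF turns both into NULL, which never satisfies the predicate: a
-- connection that forgot to set the tenant sees zero rows, not every row.
CREATE POLICY tenant_isolation ON issues
    FOR ALL TO app_rw
    USING      (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

-- Application side, running as app_rw. SET LOCAL is scoped to the
-- transaction, so the value cannot leak to the next request that reuses
-- a pooled connection.
BEGIN;
SET LOCAL app.workspace_id = '11111111-1111-1111-1111-111111111111';
SELECT id, jira_key, summary FROM issues;   -- only this workspace's rows
COMMIT;

-- Writing a row tagged with a different workspace is refused by WITH CHECK:
BEGIN;
SET LOCAL app.workspace_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO issues (workspace_id, jira_key, summary)
    VALUES ('22222222-2222-2222-2222-222222222222', 'ABC-1', 'smuggled');
-- ERROR:  new row violates row-level security policy for table "issues"
ROLLBACK;

-- With no tenant set at all, the same SELECT returns zero rows.
SELECT count(*) FROM issues;
```

A quick check to run against any RLS-protected table: `SELECT relrowsecurity, relforcerowsecurity FROM pg_class WHERE relname = 'issues';` should return `t, t`, and `SELECT rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_rw';` should return `f, f`.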
Credentials encrypted, never plaintext
Atlassian OAuth tokens are encrypted at rest with AES-256-GCM envelope encryption: each integration gets its own data key (DEK), which is itself wrapped by a per-environment key (KEK) managed outside the database. A stolen database backup therefore contains only ciphertext and wrapped keys; without the KEK, which never lives in the database, it cannot be decrypted.
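The envelope scheme above, as an added example in Go using only the standard library. This is not Ticketize.it's code: the KEK here is a random in-memory key standing in for one fetched from a KMS or secrets manager, and the record layout, the use of the integration ID as GCM associated data (so a ciphertext cannot be silently moved to another integration's row), and all names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptedToken is the shape of what would be stored in the database:
// the wrapped DEK and the token ciphertext, never the KEK or plaintext.
// (Assumed layout for this example.)
type EncryptedToken struct {
	IntegrationID string
	WrappedDEK    []byte // DEK sealed under the KEK: nonce || ciphertext || tag
	Ciphertext    []byte // token sealed under the DEK: nonce || ciphertext || tag
}

// gcmSeal encrypts plaintext under key with AES-GCM and a fresh random nonce,
// returning nonce || ciphertext || tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; any bit flip in nonce, ciphertext, tag or aad fails.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptToken generates a per-integration DEK, seals the token under it, then
// wraps the DEK under the KEK. The integration ID is bound in as associated
// data so a record swapped between integrations fails authentication.
func EncryptToken(kek []byte, integrationID string, token []byte) (*EncryptedToken, error) {
	if len(kek) != 32 {
		return nil, errors.New("KEK must be 32 bytes for AES-256")
	}
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	aad := []byte(integrationID)
	ct, err := gcmSeal(dek, token, aad)
	if err != nil {
		return nil, err
	}
	wrapped, err := gcmSeal(kek, dek, aad)
	if err != nil {
		return nil, err
	}
	return &EncryptedToken{IntegrationID: integrationID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptToken unwraps the DEK with the KEK, then opens the token with the DEK.
func DecryptToken(kek []byte, rec *EncryptedToken) ([]byte, error) {
	aad := []byte(rec.IntegrationID)
	dek, err := gcmOpen(kek, rec.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcmOpen(dek, rec.Ciphertext, aad)
}

func main() {
	// Constructed KEK standing in for one held in a KMS; it is never persisted here.
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	rec, err := EncryptToken(kek, "integration-42", []byte("constructed-oauth-access-token"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: %d-byte wrapped DEK, %d-byte ciphertext\n", len(rec.WrappedDEK), len(rec.Ciphertext))
	tok, err := DecryptToken(kek, rec)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %s\n", tok)
}
```

Two properties worth verifying in any such implementation: a backup (the EncryptedToken records) decrypts only with the KEK, and moving a ciphertext to another integration's row fails rather than yielding the wrong customer's token. Rotating the KEK then means re-wrapping each small DEK, not re-encrypting every token.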
OAuth-only, least privilege
You connect via Atlassian OAuth 2.0 (3LO) — there are no API tokens to copy or store. We request only the scopes the sync engine actually uses, and you can revoke access from Atlassian at any time.
Hardened operations
Auth endpoints are rate-limited at the gateway, accounts lock after 10 failed logins, every sync attempt is written to an audit trail, and runtime errors flow to a self-hosted tracker — no third party watching your data.
Hosting & data residency
Application data is stored in a European data centre, with encrypted backups held in object storage in the same region. We use HTTPS exclusively and apply security updates on a regular cadence. Enterprise plans can arrange custom data residency.
Data handling & retention
We mirror only the fields in the projects you explicitly configure — summary, description, status, priority, type, assignee, comments, and attachments. Raw Jira API responses are retained for up to 30 days for operational reliability and then deleted automatically; operational logs are kept up to 90 days. We don't sell your data, share it with advertisers, or use it to train AI models. Card payments are handled by Stripe and never reach our servers.
Our sub-processors are Stripe (payments), Amazon SES (transactional email), and Atlassian (the origin of the data we synchronise on your behalf).
Compliance
Ticketize.it is built GDPR-ready and we offer a Data Processing Agreement. You can access, export, or delete your data at any time; see our Privacy Policy. SOC 2 is in progress.
No lock-in — a clean exit
Leaving is as clean as joining. A one-click Disconnect & clean up action in Settings strips every Ticketize marker (sync labels, attribution lines) from your tickets. You can delete your account and all associated data from Settings, with a 7-day cancellable grace period before the hard delete.
Responsible disclosure
Found something that looks like a vulnerability or a security incident? Email [email protected] and please give us a chance to respond before disclosing publicly. We read these quickly.
Is my data isolated from other customers?
Yes — enforced at the PostgreSQL Row-Level Security layer, so the database role we connect as cannot read another tenant's rows even if application code forgot to filter.
How are my Jira credentials stored?
OAuth tokens are encrypted at rest with AES-256-GCM envelope encryption (per-integration data key wrapped by a per-environment key). Never plaintext, and there are no API tokens to manage — access is via Atlassian OAuth 2.0.
Where is data hosted?
A European data centre, with encrypted backups in the same region. Enterprise plans can request custom data residency.
Are you GDPR compliant — is a DPA available?
Yes, GDPR-ready with a Data Processing Agreement available, plus data export/deletion on request. SOC 2 is pending.