Security Statement

This page contains security information about Lango for Confluence.

Last statement update: 07 July 2022.

Data

Overview

We never store any Confluence data on our servers. All Lango configuration settings are stored inside Confluence using the page metadata API.

Where not expressly specified in the following sections, Lango processes all data on the client-side (in an end user's internet browser) and sends it back to the Cloud instance or instructs the Confluence Cloud instance to process it.

Translation service

When you use the translation feature, the Confluence page data temporarily pass through our servers and are forwarded to the selected translation provider. All data passes through security protocols that guarantee secrecy and data encryption (HTTPS/TLS). Under no circumstances do we store page or translation data.

Cloud Credentials

When you enable the translation feature, your provider credentials are encrypted (AES-256) and stored inside the Confluence App metadata. Only the Lango service can decrypt the credentials when a user requests a translation. Under no circumstances do we store the credentials on our servers.

Audit and usage logs

When you use Lango, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bugs resolution and customer support assistance.

Availability and system resilience

Our app configuration data are subject to regular backups. We back up at least once a day. Our backup data is securely stored, and protected from unauthorised access.

We use separate environments for development and production operations. The environments use separate data and configurations. Access to production environments is tightly controlled. Deployment of the app in production is managed through automated systems (CI/CD).

Data location

We process the Lango requests in Europe. Any information available via Atlassian REST API might be temporarily processed to render certain functions of the app.

Lango API services are hosted on Heroku Cloud (EU Region). Heroku is a Salesforce company. You can read the Heroku privacy statement at https://www.salesforce.com/company/privacy/.

We use Cloudflare's CDN network to serve, protect and optimize the worldwide Lango traffic. All data exchanged between the end-user and Lango traverses Cloudflare's global network before being processed by our servers. You can read the Cloudflare privacy statement at https://www.cloudflare.com/privacypolicy/.

Data Security

Lango for Confluence is based on Atlassian Connect Framework.
Atlassian is responsible for protecting your data in the Atlassian Confluence Cloud. For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian Connect, refer to Atlassian's Connect FAQ.

Users can only access the apps using time-limited JSON web tokens generated by Atlassian specifically for the app.

Privacy

Lango for Confluence is fully compliant with European GDPR.

We do not store any personal data. You can read more on our Privacy Policy.

Managing Security Vulnerabilities

Lango for Confluence is subject to the Atlassian Security Programs and adheres to all requirements Atlassian imposes on incident management.

Our infrastructure is constantly monitored by the Atlassian Vulnerability Scanning Program EcoScanner.

Security vulnerabilities, when found, get the highest priority and are fixed based on the required Security Bug Fix Policy For Marketplace Apps.

Development and Support Team

Our development and support teams are located in Italy.
Suggestions, reports or requests for clarification are always welcome. Contact us for further details at: support@adapps.atlassian.net.