Security Statement

Security Statement

Our Security Practices

The Logilica Insights Platform applies best practice security controls. Below are some of the key elements we use to ensure the security of our and your data.

January 7, 2021

Logilica Insights Service Access Control

Permissions

Our services provide role-based access control for authorization, allowing you to control who can access application settings, billing information, features, etc.

Password and Credential Storage

Credentials are salted and encrypted.

Data Hosting and Storage

Logilica hosts its infrastructure and data in Amazon Web Services (AWS). We follow AWS’ best practices which allows us to take advantage of their secured, distributed, fault tolerant environment. To find out more information about AWS security practices, see: https://aws.amazon.com/security/.

Back Ups and Monitoring

Logilica uses automation to backup all data stores that contain customer data. On an application level, we produce audit logs for all activities and use logs for security analysis.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. All access to the Logilica websites is restricted to HTTPS encrypted connections.

Encrypted Access

All access to repositories is performed using encrypted connections, either via SSH, TLS or HTTPS. Depending on the version control system, access to private repositories is obtained via an SSH token. 

Encryption at Rest

The basic overview of repository security includes:

  • We collect:
    • messages, hexhash, and authors for commits
    • metadata, metrics, file names, and technology types for commits
    • the identifier, title, message, comments, and everyone that’s been involved for tickets and pull requests
  • We keep an AES-256 encrypted copy of repository data when not actively processing the repository. If this is a concern, an alternate option would be to host Logilica on a VPC or on-premise.
  • We will connect either by SSH, TLS or HTTPS, depending on your configuration.
  • When you disconnect your repositories, all associated data is purged from the system within 48 hours.

Employee Access Restrictions to Customer Data

No Logilica staff will access private repository data unless required for support reasons, or responding to an incident. In cases where staff must access repository data in order to perform support, we will get your explicit consent each time, except when responding to a security issue or suspected abuse.

When working a support issue we do our best to respect your privacy as much as possible, we only access the minimum data and settings needed to resolve your issue.

Additional Security Information

Training

All Logilica employees receive security awareness training.

Policies

Logilica has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with employees.

Employee Vetting

Logilica performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for Australian employees.

Confidentiality

All employee contracts include a confidentiality agreement.

Headquarters security

Logilica headquarters employs door personnel and badge access is required at all hours. Visitors are required to be escorted at all times.

PCI Obligations

When you purchase a paid Logilica subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.

Privacy Policy

For more detail around how we handle privacy, check out our Privacy Policy or reach out to your Logilica contact.

Reporting An Issue

Your input and feedback on our security as well as responsible disclosure is always appreciated. If you’ve discovered a security concern, please email us at [email protected] We’ll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to promptly address any issues that arise.