Security and Privacy Policy

Updated: May, 23th 2018

The privacy of your data is very important to us. This document explains how your data is stored, where it is stored and whether it is stored securely.

Security

Infrastructure

BUGtrack is hosted at SteadFast Networks' 350 E Cermak, Chicago Data Center. This world-class data center provides complete 2N redundancy at Tier 3+ standards. Our software infrastructure is updated regularly with the latest security patches.

Data Encryption

BUGtrack encrypts the data over the wire via 256-bit (SHA2) TLS certificate, TLS 1.0, 1.1 and 1.2. Data isn't encrypted while it's live in our database since it needs to be ready to send to you when you need it, but we perform all the measures needed to secure your data at rest. File attachments are encrypted at-rest via AES256. Database backups are also stored in encrypted form.

Data Backups and Disaster recovery

BUGtrack backs up the data on an hourly basis. Backup files and server logs are then copied to a secure disaster recovery facility where they are kept for 6 months before being permanently deleted. BUGtrack doesn't utilize any type of removable media for backup storage, all backup files are stored on secure servers.

Personnel Access

A small team of operations personnel have administrative access to the infrastructure where BUGtrack is hosted. Additionally, BUGtrack developers occasionally require a read-only access to the customer's account metadata to troubleshoot problems.

All BUGtrack employees sign confidentiality agreements before gaining access to customer's account. Everyone at BUGtrack is trained and made aware of security concerns and best practices for their systems. Remote access to servers is established via company VPN and limited to workers who need access for their day to day work. All access events are logged for all accounts by IP address.

Incident Response

Once BUGtrack becomes aware of any suspected or confirmed data breach, BUGtrack will notify all affected customers via e-mail within 72 hours.

Privacy

Personally identifiable information

BUGtrack user accounts hold user's name and e-mail address. Name helps us to personalize user's experience. E-mail address is used for communication with the user. Requests to delete personally identifiable information should be forwarded to appropriate account's administrators.

Sharing personally identifiable information

We'll never pass your personal information to third parties and we won't use your name in marketing statements without your permission either. However, name and e-mail address may be copied into and securely stored in other systems owned by ForeSoft – CRMDesk support portal and internal billing system. Both systems are covered by ForeSoft Corporation's Security and Privacy Policy.

Cookies

BUGtrack uses cookies for authentication and keeping certain user preferences. No cookies, however, contain personally identifiable information.

Law enforcement

BUGtrack won't hand your data over to law enforcement unless requested by a court order. We will reject data requests from local and federal law enforcement without a court order. And, unless we're legally prevented from it, we'll always inform you when we receive such requests.

EU-U.S. Privacy Shield Framework

See our EU-U.S. Privacy Shield policy.

Data retention/deletion

Customers are responsible for understanding and implementing their data retention and deletion requirements related to the data they store in BUGtrack.

Deleted bug records are moved to Recycle Bin, kept there for 30 days and then purged automatically. Administrator can purge records from Recycle Bin manually at any time. Other data types such as projects, users, roles etc. are erased from production systems immediately, however, since BUGtrack backups are kept for 6 months, it may take up to 6 months for their data to be completely purged from BUGtrack backup systems.

Expired accounts

An account is considered 'expired' when either its trial period ends, or a paid subscription is ended. BUGtrack blocks access to expired accounts. Expired paid accounts are securely kept in locked stage for 180 days. Expired trial account are deleted automatically within 90 days after expiration. Account administrators may request BUGtrack to delete their accounts by sending an email to support@bugtrack.net and such requests will be handled within 72 hrs.

Backups

All types of data deleted from BUGtrack will reside in system backups for 6 months. It will not be restored back to production systems, except for in certain rare instances such as the need to recover from a natural disaster or serious security breach. In such cases, some of deleted data instances may be restored from backups, but BUGtrack will immediately take all necessary steps to honor the initial request to delete and erase the primary instance of the data again.