Behave Pro is a requirements management tool that integrates with Atlassian Jira Cloud (formerly OnDemand). The Atlassian Connect architecture requires data communication between Jira Cloud and Behave Pro to be hosted on separate hardware. This document sets out the terms of how the Behave Pro application is stored.
Our Cloud platform was designed and optimized by us specifically to host Behave Pro and has multiple levels of redundancy built in. The application runs on a separate compute nodes (Virtual Machines) than that on which the data is stored. Hardware or software failure of the application node is recovered automatically using hot standbys. Application data is stored on a separate dedicated node with real-time replication to two secondary storage nodes, with one node located within a different data hosting facility (AWS Region). If the primary storage node has a problem or becomes unavailable, the application will automatically switch to the replicated secondary storage node without data loss.
The Behave Pro Cloud is hosted using Amazon Web Services (AWS) and the Rackspace Cloud. The data centers used by these providers are SOC-1 (formerly SAS 70) compliant. Access to the data centers is limited to authorized personnel only, as verified by biometric identity verification measures. Physical security measures include on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.
The data centers or regions we use are located in geographically diverse locations across the United States, with the primary data center in Virginia.
People and access
Our London-based support team can access hosted application data only for the purposes of performing system or application maintenance, and data recovery. Within Hindsight Software Ltd, only authorized Hindsight employees have access to application data. Authentication is done via individual public keys and two-factor authentication devices, rather than passwords, and the servers only accept incoming SSH connections from authorized Hindsight computers.
Behave Pro Cloud is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer's data without explicitly authenticated access to the other customers' Jira Cloud instance. Customers are responsible for maintaining the security of their own Jira Cloud.
The Hindsight team monitors the cloud platform 24x7 from London, United Kingdom. Information about system uptime is publicly available here.
Stored Jira data
Behave Pro for Jira Cloud uses Jira issues REST APIs to query data from selected projects to provide the specified functionality. We will sometimes cache this data for performance reasons, but only the minimal amount of data will be stored. Behave Pro stores, in its own database, all feature, scenario and test reports information. Additional data will be stored in Jira to provide search functionality.
To augment application penetration testing we have performed, we have selected IaaS (Infrastructure) providers that maintain industry-standard certifications. We also contract 3rd parties to perform vulnerability scanning on the Behave Pro Cloud network and applications.
The data centers of our hosting providers are SOC-1 (formerly SAS 70) compliant. These certifications address physical security, system availability, network and IP backbone access, customer provisioning and problem management.
Behave Pro application database full backups are performed once per day and are retained for 30 days. Weekly backups are taken and stored off-site, and retained for 3 months. All backup data is encrypted.
When a customer’s subscriptions lapses or ends we will retain the data for a period of 30 days and then the data may be removed. Within this 30 day period customers can renew their subscription and continue to access the data.
Customers may request the permanent removal of data from our systems by writing to Hindsight Software Ltd, 2a The Quadrant, Epsom, Surrey, KT17 4RH. The removal of data will be conducted within 15 days and does not include removing data from any backups materials.