Cloud Security Statement

January 19, 2017

1. Overview.
The Cloud version of Zephyr for JIRA uses the hosted service ( to store imported JIRA data and render Zephyr data. Zephyr hosted service is provided by Amazon Web Services (AWS).
Each Zephyr customer’s data is stored in a separate database schema and dataspace and is isolated from other customer data. Each incoming web request is authenticated and authorized before access to customer data is allowed.
Zephyr hosted service is using AWS components. Zephyr is responsible for provisioning, monitoring, and managing the virtual servers, and for providing support to Zephyr for JIRA subscribers.

2. Data Storage and Facilities.
Zephyr hosted service uses AWS components and infrastructure for data storage.

3. Stored JIRA data.
The Cloud version of Zephyr for JIRA uses JIRA issues REST APIs to query data from selected projects. Zephyr stores, in its own database, all test steps, executions and attachments related to testing.

4. People and Access.
Zephyr support and monitoring teams access application data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes. Only authorized Zephyr employees and consultants have access to application data.
Zephyr users are authenticated using Atlassian Connect JWT authentication and Zephyr API access key. Zephyr will get JIRA Cloud current user information which will be used for access control. Customers are responsible for maintaining the security of their own JIRA Cloud login information.

5. Backups.
Zephyr application database full backups are performed once per day and are retained for 30 days.