Hipchat: Security of processing
The GDPR requires that personal data be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. What measures you use to secure the personal data depend on the type of personal data processed, the risk to the individual and relevant industry standard practices. Security measures implemented will vary on a case-by-case basis, and you should be chosen with the assistance of legal counsel. Below is a summary of security tools and configurations available to you within certain Atlassian products, along with how to implement.
Hipchat Data Center 3.0.1 and later
Hipchat Server 2.0 and later
On-Premise Network security
Atlassian recommends that customers implement a secure and reliable network to ensure the protection of its users' data in the infrastructure that hosts Atlassian applications.
Client to Hipchat Communications
Hipchat Server provides full HTTPS encryption for all communication between server and clients in the default configuration. We recommend that you deploy a valid SSL certificate on the server using the instructions at Creating or Obtaining an SSL Key and Certificate.
Hipchat Data Center on both vSphere and AWS provide full HTTPS encryption of traffic between the clients and Load Balancer, and between the Load Balancer and application nodes as described in the Deployment Guide.
Application and Data Stores Communications
Hipchat Server is deployed with all the Data Stores built-in, so no data is transferred over the network.
Hipchat Data Center does not have a built-in encryption mechanism for communications between the Application Nodes and remote Data Stores. The expectation is that the Application nodes and Data stores are located on a dedicated private network used exclusively by Hipchat Data Center, as recommended in the Deployment Guide.
If you host Hipchat Data center on AWS, work with your cloud service provider to create a suitable plan for securing your environment.
Encryption at Rest
Hipchat does not currently implement encryption at rest for any of the data. The expectation is for administrators to set up disk encryption on the hypervisor or cloud provider level. See EBS Encryption for AWS deployments, and Virtual Disk Encryption for vSphere.
Any changes to Hipchat users' personal data are automatically reflected in the Audit Log.
There may be limitations based on your product version.
Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.
Third-party add-ons may store personal data in their own database tables or on the filesystem.
The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.