Data security policy
Last updated: February 10th, 2026
We are committed to protecting customer data and maintaining secure operation of our cloud applications. Security controls are integrated into our development and operational processes to reduce risk and ensure confidentiality, integrity, and availability of data processed by our services.
Types of Data Processed
Application Content Data — Data entered and managed by users within the application interface as part of normal use.
Personal Data — Name and email address provided voluntarily when contacting support or communicating with us.
Platform Metadata — Platform-specific identifiers such as Atlassian account IDs or Microsoft identifiers used to associate application data with authenticated users and tenants.
Usage Data — Technical and diagnostic information collected automatically when the Service is used.
We do not use customer data for purposes unrelated to providing the service.
Security controls
Infrastructure and Hosting — Our services are hosted on cloud infrastructure provided by DigitalOcean. Production environments are logically isolated and access is restricted to authorized personnel only.
Encryption — All data transmitted between clients and our services is encrypted using industry-standard TLS encryption. Data stored within our databases is encrypted at rest. Backups are stored securely using encrypted storage mechanisms.
Access Control — Access to production systems is restricted based on the principle of least privilege. Multi-factor authentication (MFA) is required for administrative access to infrastructure and production environments. Access permissions are reviewed periodically.
Monitoring and Logging — System activity and operational events are logged and monitored to detect potential security incidents. Logs are retained for a limited period for operational and security analysis.
Data Handling — Our applications process only the data necessary to provide the requested functionality. We do not access or use customer data for purposes unrelated to service delivery.
Subprocessors — We rely on selected infrastructure and service providers to operate our services. A current list of subprocessors is available here: https://www.aldevadigital.com/subprocessors/.
Third-Party Integrations — When users enable integrations with third-party services (such as Google Workspace or Microsoft services), authentication tokens may be stored securely and used solely to provide the requested integration functionality. Tokens are protected using access controls and are not used for any other purpose.
Vulnerability Disclosure — We welcome responsible disclosure of security vulnerabilities. Reports can be submitted to the bug bounty program here: https://tracker.bugcrowd.com/aldeva-digital.
Security Contact — Security concerns or vulnerability reports can be submitted to: security@aldevadigital.com.