Security Statement

Last updated 2023-05-17

RefinedWiki provides hosted services delivered by well-known and established third-party providers. RefinedWiki delivers these services through the Atlassian Cloud remote app framework, Atlassian Connect. RefinedWiki will always use appropriate organizational and technical security measures to protect Personal Information. While we make reasonable efforts to guard your Personal Information, no security system is impenetrable, and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any passively-collected Personal Information you (the End User) choose to store in our SaaS Products (Cloud apps) is maintained at levels of protection to meet specific needs or obligations you may have relating to that information.

RefinedWiki also provides Downloadable products (Server apps), which are installed on the End User’s premises. The End User is responsible for securing access to the data they store in the Server/Data Center apps; RefinedWiki is not responsible for this. Furthermore, RefinedWiki does not have any access to any of the End User’s content in these Server apps. This statement applies only to our Cloud apps.

Data Storage

All content created by RefinedWiki’s Cloud apps is stored in our Cloud Storage Solution. All images uploaded to RefinedWiki’s Cloud apps are stored in AWS. At times, RefinedWiki may temporarily store (cache) some configuration information required for the operation of the Cloud apps.

All data in our Cloud Storage Solution is backed up daily, meaning that our Recovery Point Objective (RPO) is a maximum of 24 hours.

This does not apply to our Server/Data Center apps.

People and Access

RefinedWiki’s Cloud apps have limited access to customer data, and such access is programmatically negotiated during the app installation, following Atlassian Connect protocols, including public/private key based authentication. The Cloud apps only access the information required for providing our services. Only data generated by our Cloud apps may be temporarily retained by them, and only for caching and synchronisation purposes.

RefinedWiki’s Cloud apps are designed to allow app data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data.

RefinedWiki’s development and support teams have access to RefinedWiki’s Cloud apps and may access customer data only for purposes of Cloud app health monitoring and performing system or Cloud app maintenance, and upon customer request via our support system. Within RefinedWiki, only authorized RefinedWiki employees and contractors have access to Cloud app data.

This does not apply to RefinedWiki’s Server apps.

Third Parties

RefinedWiki uses Heroku and AWS, leading cloud platforms, as service providers for hosting its Cloud apps. Heroku’s security statement is available here: Heroku Security | Heroku. More about AWS’s security practices is available here: Security and compliance - Overview of Amazon Web Services.

This does not apply to RefinedWiki’s Server apps.

Privacy

RefinedWiki understands the importance of, and is committed to, ensuring the privacy of your personally identifiable information. For more information, please see RefinedWiki’s Privacy Policy.

Reporting Security Vulnerabilities

RefinedWiki is committed to ensuring the security and confidentiality of your information, and it’s very important for us to hear about ways we can improve the security of our Cloud apps.

If you discover a vulnerability, please disclose it to us through RefinedWiki’s Support System, or email security@refined.com. To be able to assess the exploitability and impact of the issue, provide us with as much information as possible:

  • Provide the steps used to reproduce the issue, including any URLs or code involved.
  • HTTP request/response captures, or simply packet captures, are also very useful to us.

We pay bounties for security vulnerabilities only through our bug bounty program via Bugcrowd. If you wish to be added to the program as a researcher, email security@refined.com.

Please be aware that we are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you use our Support System to report them individually.