Cloud Security Statement
Effective as of May 19, 2018.
Overview
Tempo cloud services (Tempo Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Tempo is responsible for monitoring, managing and securing the Tempo Cloud.
Facilities
AWS manages the data centers that host the Tempo Cloud. For more information about security at those data centers, see here.
Tempo Cloud data is hosted in the United States.
Certification
Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found here.
AWS has a public SOC 3 report on Security, Availability & Confidentiality (pdf)
Tempo has created a SOC 2 Type 1 report that focuses on internal controls as they relate to security and confidentiality of our cloud service. Please read more here: SOC 2 Type 1 report
Tempo is certified as a Cloud Security Compliant vendor with Atlassian, see here.
People and Access
Within Tempo, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Tempo Cloud.
Customers are responsible for maintaining the security of their own login information.
Data Storage
In the Tempo Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Tempo Cloud are protected with HTTPS using TLS and within the Cloud with VPN network connections.
Data Retention
Tempo provides a feature that lets you determine your own data retention policy for your data. If nothing is selected, data is retained indefinitely while you are our customer. In case you leave our service, one month later your data is moved into a secure storage archive and removed from production database. As a part of our effort of not storing unnecessary data too long the data is then removed from the archive when one year has passed from leaving our service. If you return within one year later to Tempo your archived data is restored as it was but if not, the data is removed from the archive also.
See our help center for more details.
Backups
Customer data is backed up three times per day, and is encrypted following industry standards. Backup lifetime is three months.
Disaster Recovery
Tempo’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.
Privacy
Tempo understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant to privacy laws and regulations. For more information, please see our Privacy Notice.