Security

Customers many use cloud hosted versions of their tools (ex: Jira Cloud) or host them (ex: Jira Server) on internal servers. Hakkiri needs to be able to access those servers to be able to collect the data used to provide organizational transparency and analytics.

For cloud hosted tools Hakkiri leverages the secure API connections those products make available. Those connections can be securely setup by users with Administrative privileges to those tools.

For internally hosted tools secure connections can be established by whitelisting Hakkiri IPs. The IP addresses that Hakkiri will use will be provided during account setup.

All traffic is HTTPS (port 443). You may specify a custom port (other than 443) in the URL when configuring the URL for the on-premise server in Hakkiri.

HTTPS webhook traffic from the internal system to Hakkiri (outbound from the on-premise network) will go to the same IP addresses. It is only necessary to whitelist these IP addresses for outbound connections if you normally block outbound connections which is less common.

Where is Data Stored?

Hakkiri is built on Amazon’s AWS. To find out more information about Amazon’s security and infrastructure, please visit their security statement: https://aws.amazon.com/security/. We currently store all persisted data in encrypted form in a MongoDB Atlas database that is hosted in Amazon's AWS. To find out more information about MongoDB's security and infrastructure please visit their security statement: https://www.mongodb.com/cloud/atlas/security. All backups of the MongoDB database are kept on AWS for a period of 90 days at which point they are deleted permanently. We do not keep local copies of production data.

How is Data Accessed?

Your data can only be accessed via an SSL connection using an authenticated session. We do not provide exports or any form of a download of your data. It is not possible to access your underlying data directly.

Who has Data Access?

Only authenticated users with the username and password you provide can access your data. There is no public access to your data of any kind.