Data Handling and Security


Employee Database is a core feature of Cosmos. This guide explains how data is stored, managed, and protected. It includes the most important practices for keeping employee information secure and well organized.


Atlassian security standards

To ensure maximum security and continuous monitoring, we strictly follow the latest Atlassian security standards. Our Caelor apps actively participate in the Cloud Fortified and Marketplace Security Bug Bounty programs, guaranteeing the highest security standards.

  • By joining the Cloud Fortified program, our apps undergo security audits, meeting strict reliability and resilience standards.

  • The Marketplace Security Bug Bounty program enables researchers to report vulnerabilities, ensuring our apps remain robust, secure, and trusted by users.

ISO 27001 and ISO 9001 Certifications

We are proud to hold the latest ISO 27001 and ISO 9001 certifications, which highlight our commitment to both data protection and operational excellence.

  • ISO 27001 is the leading international standard for information security. It ensures that we follow strict controls to protect sensitive data from unauthorized access, breaches, or loss. This includes robust risk management, continuous monitoring, and regular audits.

  • ISO 9001 focuses on quality management. It confirms that we have strong internal processes in place to consistently deliver high-quality services, reduce errors, and improve customer satisfaction.

These certifications are a key part of our trust framework, giving customers the confidence that their data is handled securely and responsibly.

Cosmos is built with the Atlassian Connect framework

Cosmos is developed using the Atlassian Connect framework, which differs significantly in its hosting and operation model compared to Atlassian Forge.

Connect apps allow developers to choose their own hosting provider (e.g., Google Cloud, AWS), giving full control over hosting, security, and maintenance. This flexibility enables customization of performance, infrastructure, and compliance measures. Forge apps, on the other hand, are hosted entirely by Atlassian. Atlassian manages the hosting, scaling, and security, which simplifies development and reduces operational overhead for app developers.

Google Cloud Platform

We use Google Cloud Platform to host apps developed with the Connect framework, storing data in various EU regions (Belgium, Netherlands, Zurich, Frankfurt, Finland, or Warsaw), under EU jurisdiction.

What do we store in Google Cloud Platform (GCP)?

  • Profile background image.

  • Information about database columns, including name, type, and position in the database.

  • Database field values. For instance, the database column "Location" has values such as New York, London, Berlin, and Tokyo; however, these entries are not linked to any usernames or email addresses.

We do not store any personally identifiable information (PII). All data stored in GCP is non-identifiable and necessary for the normal operation of the app.

Forge Migration

Forge was considered when we started building Cosmos, but it lacked key features at the time. We've monitored its progress and plan to migrate Cosmos to Forge in the next 9–12 months. The move to Atlassian’s infrastructure will be seamless for users, with no risk or disruption. The same plan applies to Optics and Pulse.

Employee Database

The Employee Database offers two approaches for managing employee information:

  • Custom columns: Admins have the capability to create custom columns within the employee database and manually enter data. Additionally, any information provided by users in their profiles is automatically integrated into the Employee Database.

  • Microsoft Entra ID integration: To facilitate seamless and automatic updates, synchronize employee information with Microsoft Entra ID. Please note that this data is read-only.

The Employee Database is used for the following intranet functionalities:

  • People network: Effortlessly browse, filter, and locate colleagues.

  • Collections: Create dynamic employee groups based on job title, department, or location.

  • Dashboard widgets: Showcase new starters, work anniversaries, and upcoming birthdays.

  • Org. charts: Visualize the organizational structure.

Custom columns

When creating custom columns in the Cosmos Employee Database, the data is stored in Typesense, following their stringent standards.

We do not store employees' names and emails. We only save unique identifiers like Confluence IDs or Entra IDs. Custom fields like department or location are not PII unless linked to names or sensitive information.

Microsoft Entra ID fields

For organizations using Microsoft Entra ID, data storage depends on which fields are used in filters. Fields added to filters are saved in Typesense to improve performance and make filtering faster and easier. Other fields, like phone numbers, addresses, or birth dates, are not stored in Typesense and are only shown in user profiles. When managing the database, admins can choose which Entra ID fields should be stored and which should not.

What is Typesense?

Typesense is a high-performance search platform that delivers fast, relevant, and secure search experiences. It powers application search by indexing data and providing instant results via its API. Typesense emphasizes data security with encrypted transmission, isolated clusters, and compliance with standards like SOC 2 and HIPAA. Optimized for speed and scalability, it is a trusted solution for organizations with large datasets. https://cloud.typesense.org/

  • Data encryption: All data is encrypted in transit (HTTPS) and at rest (disk encryption).

  • Data isolation: Each cluster is fully isolated to ensure no commingling of data.

  • Compliance: Typesense is SOC 2 (Type 2) certified and evaluated by an independent AICPA-certified external auditor. Typesense shares its SOC 2 report with customers who purchase the Business or Enterprise Tier support plan for at least a year.

  • Global data residency: You can select the geographic region for your data to comply with local regulations.

How Typesense protects the data

Typesense does not access any customer data as a strict matter of policy, unless you've given us explicit written approval to do so for debugging any issues.

  • Encryption: All data is encrypted in transit and at rest.

  • Global data residency: Our default data storage location is in the Frankfurt region. However, upon request, we can explore accommodating data residency preferences to comply with specific regional data regulations.

  • Controlled access: Role-based access control and API key management ensure data access is limited to authorized users only.

  • Privacy by design: Typesense does not store names or sensitive identifiers unless explicitly configured by the admin.

  • Data retention: Data can be deleted anytime, and terminated clusters are irrecoverably erased.

  • Monitoring: Logs and capacity are continuously monitored for anomalies, with 24/7 alerts to handle issues promptly.

  • Audits: Annual audits and penetration testing are conducted to ensure compliance with best practices.

  • Physical security: Typesense relies on compute services from third-party cloud infrastructure providers and does not operate or manage any physical servers directly. Physical security and redundancy for these data centers are managed by the cloud providers.

For further information, contact the Typesense team or refer to the Data Processing Agreement.

Access control for Typesense cloud data

Access to the data stored in your Typesense Cloud cluster is managed securely through API keys. These keys can be generated via the Typesense Cloud dashboard or the API, providing you with full control over data access.

The Caelor team ensures secure management of API keys for your Typesense Cloud cluster by following industry best practices.

  • Safeguard API keys: Store API keys securely and restrict access to authorized personnel only.

  • API key management: We use a single API key, securely stored as a variable in Google Cloud Build, exclusively accessible within our backend environment. This approach ensures the key is safeguarded and not exposed in the frontend. For development purposes, we use a local Typesense setup without customer data, eliminating the need for the API key except in production environments.

  • Set permissions: Assign appropriate permissions to each API key. For example, keys used in frontend applications should have search-only permissions.
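
As an added example (not Caelor's or Typesense's own code), the Python below audits key definitions against the search-only rule for frontend keys described above. The field names follow Typesense key objects; the `exposed_in_frontend` flag, the sample keys and the `employees` collection name are assumptions constructed for illustration.

```python
import time

# Per the guidance above, a key shipped to a browser may only search.
FRONTEND_ALLOWED_ACTIONS = {"documents:search"}

def audit_key(key_def, exposed_in_frontend, now=None):
    """Return findings for one key definition.

    key_def uses the fields of a Typesense key object: 'description',
    'actions', 'collections' and optional 'expires_at' (Unix seconds).
    exposed_in_frontend is this example's assumption: the caller's own
    record of where the key is deployed.
    """
    now = time.time() if now is None else now
    actions = set(key_def.get("actions", []))
    collections = set(key_def.get("collections", []))
    findings = []
    if exposed_in_frontend:
        extra = sorted(actions - FRONTEND_ALLOWED_ACTIONS)
        if extra:
            findings.append("frontend key is not search-only: " + ", ".join(extra))
        if "*" in collections:
            findings.append("frontend key can search every collection")
    elif "*" in actions:
        findings.append("admin-equivalent key: keep it in backend secrets only")
    expires_at = key_def.get("expires_at")
    if expires_at is not None and expires_at <= now:
        findings.append("key is expired and should be deleted")
    return findings

def audit_all(keys, now=None):
    """Audit (key_def, exposed_in_frontend) pairs, keyed by description."""
    return {k["description"]: audit_key(k, fe, now) for k, fe in keys}

# Constructed sample definitions; the collection name is hypothetical.
SAMPLE_KEYS = [
    ({"description": "people-network search",
      "actions": ["documents:search"], "collections": ["employees"]}, True),
    ({"description": "widget key",
      "actions": ["documents:search", "documents:upsert"],
      "collections": ["*"]}, True),
    ({"description": "backend sync", "actions": ["*"],
      "collections": ["*"], "expires_at": 1700000000}, False),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_KEYS).items():
        print(name, "->", findings or "ok")
```

Feeding it the key list exported from a cluster, paired with a deployment inventory, turns the "set permissions" practice into a repeatable check.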