1. Overview
Badabing Software is a small, independent studio. While we don't hold formal security certifications, we follow widely accepted best practices to protect your data and keep our Atlassian cloud apps reliable and secure.
2. Data Protection
Key principles we follow:
- Data minimization – we only collect the information strictly required for our apps to function.
- All traffic between your browser and our services is encrypted with HTTPS (TLS 1.2+).
- Data you store through our apps lives in Atlassian Cloud; we do not copy it elsewhere unless explicitly required.
- Back-ups are handled by Atlassian's platform; we do not export or retain additional copies.
3. Encryption
All communication with our applications is secured using TLS 1.2+. Atlassian Cloud encrypts customer data at rest, and we do not implement any custom key-management layer on top of that.
4. Hosting & Infrastructure
Our backend code runs entirely on Atlassian Forge. We rely on Atlassian for physical, network and data-center security.
5. Access Controls
- Only one person (the founder/developer) has access to production systems.
- Multi-Factor Authentication (MFA) is enforced on all related Atlassian, AWS and source-code accounts.
- Source control is hosted on private, MFA-protected repositories.
6. Vulnerability Management
Dependencies are kept up to date and automated security alerts are monitored weekly. Critical patches are applied as soon as reasonably possible.
7. Incident Response
If we become aware of a security incident that affects your data, we'll investigate quickly and notify impacted customers via email within 72 hours, outlining the nature of the issue and remediation steps.
8. Compliance
Badabing Software is not formally certified (e.g., ISO 27001 or SOC 2). We nonetheless align our controls with guidance from OWASP and Atlassian's Trust Center.
9. Responsible Disclosure
We value input from the security community. If you believe you've discovered a vulnerability, please report it responsibly via support@badabing.pro.