Security, compliance & transparency

Your data is valuable to you and safe with us.

Customers, data & transparency are at our core

Athenian is a customer-first, data-centric and transparent culture of high standards.

Our values reflect on our product, on how we operate and on those we choose to work with.

We value the quality, security & privacy of your data as much as you do. That is by design and we are proud of it.

Engineered to keep you safe


Sane Permissions

You choose which repositories and Jira projects Athenian tracks.

Athenian asks only for the essential permissions.

Safe Code

Athenian calculates metrics from the metadata.

Athenian never clones repositories nor stores source code.

Fully Encrypted

All data is encrypted when in transit and at rest.

Athenian does not store user authentication data.

Cloud-Based

Athenian infrastructure runs on Google Cloud Platform.

We run the latest patches, inside a private network, with strict access permissions.

Holistic Security

Athenian is SOC 2® Type 2 compliant.

All providers are SOC 1/2/3, ISO27001 and/or PCI compliant.
Secure, compliant and transparent, inside out

COMPLIANT

SOC 2® Type 2 compliant

Athenian is formally attested AICPA Service Organization Controls SOC 2® Type 2 compliant by an independent audit firm with 100+ years of tradition. In addition, Athenian is monitored in real-time for its security controls by security compliance platform Vanta.

SOC 2® Type 2 reports assess how securely user data is managed based on service and organizational controls that operate continuously, according to AICPA trust services criteria evaluating security, availability, processing integrity, confidentiality, or privacy over information and systems.

GDPR & Data Protection compliant

Athenian is subject to and complies with the General Data Protection Regulation (GDPR), the toughest privacy and security law in the world. Athenian protects the information of its users and provides them with the ability to access and control the information that is collected and processed about them through our Privacy Policy.

GDPR regulates a series of data protection principles related to lawfulness, fairness & transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity & confidentiality; and accountability.
SECURE

Your data is secure at every step

Data confidentiality goes further than technology. It is about choice, transparency and responsibility.

We only request what is needed, and always let you know beforehand. You choose what to share, and can always opt-out.

We process & store as little data as possible to provide you a great product. When we must do so, we keep it truly secured and isolated.

Your data, your choice

  • Choice and consent
    We obtain your consent prior to any data collection (see our Terms of Service) and privacy is fully respected (see our Privacy Policy).
  • Responsible permissions
    You choose which repositories and projects to opt in or out.
    We only have read permissions, never write.
    We only request permissions that are essential.
  • No source code
    We do not use your source code, nor clone or store code repositories.
    We only use metadata to calculate your metrics and filter out any code that may be present in it.
  • Opt-out and data removal
    You can opt repositories or projects out at any point.
    Athenian purges or archives data according to customer requests or legal and regulatory mandates.

Secure and confidential

  • Secure access
    Users identify & authenticate via Auth0 (ISO 27001, SOC 2, PCI) using GitHub (2FA, SOC 1/2/3, PCI) or SAML. We don't store any personal information.
  • Encryption in transit and at rest
    All data in transit is encrypted using TLS.
    All data is stored using AES-256 or better, with encrypted & rotated symmetric keys.
  • Solid infrastructure
    Athenian runs on Google Cloud Platform (ISO27001, SOC 1/2/3, PCI). The environment is isolated and firewalled, IP-filtered, and segmented into VPCs/VPN with ACLs. Instances are always up-to-date, and configured with scalability, redundancy & backups.
  • Confidential and isolated
    All customer data is at the most strict level of our internal Data Classification Policy.
    Your data is never used for development: we use mock & our own data in isolated dev & QA environments.
TRANSPARENT

Built with care and transparency

Contexts change, your problems evolve. So do their solutions in our product.

We rely on a rigorous process to deliver the features you need while keeping new bugs at bay. And we act swiftly when necessary.

Our transparency puts you on top of things from day one. We want to partner with you to build you a great product.

Built with care

  • Safe changes
    Prior to reaching production, changes are made in code branches and go through code review, testing, CI/CD and QA steps, involving multiple people and separate environments with no customer data.
  • Traceability
    We version-control our source code and infrastructure via Git & GitHub and keep logs of the versions and individuals involved.
  • Reliability
    Incidents are communicated, logged and tracked down to resolution via a priority workflow; rollback procedures are available.
  • Vulnerabilities
    Monitored internally by the team and automation (Vanta, Snyk, GCP Container Analysis, dependabot, semgrep and more) and externally via independent penetration testing and according to our Vulnerability Disclosure Policy.

Transparency from day one

TRUSTWORTHY

Trust from every perspective

Secure systems, reliable product, responsible procedures and transparent terms are invaluable means to build and maintain trust.

Yet ultimate trust only comes when you know you can trust the people standing behind an organization and its product.

We at Athenian take extra steps to ensure that we, as well as those we work with and rely upon to deliver the product you truly trust, are held to these high standards.

People you can trust

  • Leadership
    The executives of Athenian are directly involved in security & compliance to ensure we stand by our values in practice.
  • Team
    Team members are screened for our values, background-checked, sign confidentiality agreements on hire and must follow strict policies on digital and physical information security; violations may lead up to termination.
  • Permissions
    Strict policies grant access on a least-privilege, per-role basis. Permissions are reviewed and revoked on a regular schedule and per event.
  • Secure access
    The company provides secure workstations, security training, and best practices to the team. 2SV-enabled G Suite SSO handles identity & authentication.

World-class partners

  • Trusted third-party providers
    Auth0 (ISO 27001, SOC 2, PCI).
    Google Cloud (ISO 27001, SOC 1/2/3, PCI).
    GitHub (SOC 1/2/3, PCI).
    Atlassian (SOC, ISO 27001, PCI).
  • Trusted payment processor
    Stripe (PCI certified, TLS encrypted).
    No payment information is ever stored by Athenian.
  • Vendor assessment
    All vendors and providers are individually filtered based on their reputation, security, data permissions and risk added or mitigated.