Cloud Security Statement

Scope

Expium LLC offers hosted product / services (“SaaS”), as described on its website. This cloud security statement applies only to these hosted services; other Expium offerings may involve customer hosted systems, or products and services not involving hosting, to which this cloud security statement does not apply.

Customer Data Separation

Each customer’s data is stored in a separate database schema, isolated from all other customer data. Every web or API request is authenticated and authorized for a specific customer before customer data can flow.

Hosting Location / Jurisdiction

Expium SaaS products are hosted via Amazon AWS, generally in its Virginia USA or Oregon USA cloud hosting facilities.

Integration with Other Services

Expium SaaS products typically integrate with another vendor’s offerings; for example, Atlassian Jira add-on products use the Atlassian Jira API to access customer data stored there; this data is treated the same way as any data directly entered by customer users into Expium SaaS products.

Operations and Support

The Expium support and operations team will access customer data only to the extent necessary to serve a customer support request, or to maintain the operation of Expium SaaS products. For more information please see our Privacy Policy.

Only authorized Expium team members have access to application data.

Backups

Expium systems are backed up regularly with backups stored off-site, using Amazon AWS services. Expium SaaS products which act as add-ons treat the relevant product (for example, Atlassian Jira) as the system of record to the extent technically allowed, thereby relying primarily on the integrity and security of such upstream systems.