Expium LLC offers hosted product / services (“SaaS”), as described on its website. This cloud security statement applies only to these hosted services; other Expium offerings may involve customer hosted systems, or products and services not involving hosting, to which this cloud security statement does not apply.
Customer Data Separation
Each customer’s data is stored in a separate database schema, isolated from all other customer data. Every web or API request is authenticated and authorized for a specific customer before customer data can flow. Expium does not offer any products or features which combined, integrate, or otherwise access data between one customer and another.
Hosting Location / Jurisdiction
See our data processors list for hosting providers and locations for Expium SaaS products.
Integration with Other Services
Expium SaaS products typically integrate with another vendor’s offerings; for example, Atlassian Jira add-on products ("apps") use the Atlassian Jira API to access customer data stored there; this data is treated the same way as any data directly entered by customer users into Expium SaaS products.
Deletion of cloud data
Expium SaaS add-on products automatically delete customer data from Expium systems, after a safe waiting period, when the underlying core product (Atlassian Jira, for example) no longer connects Expium servers to a particular customer.
Operations and Support
Only authorized Expium team members have access to application data.
Expium systems are backed up regularly with backups stored off-site, using Amazon AWS services or other cloud hosting services. Expium SaaS products which act as add-ons treat the relevant product (for example, Atlassian Jira) as the system of record to the extent technically allowed, thereby relying primarily on the integrity and security of such upstream systems.