Information Security

Nature of data held & data encryption:

Plandek is designed to collate & surface meta-data that does not contain sensitive client IP

Data sources

Plandek data is sourced from the underlying tools used across the software delivery process. Key data sources are:

Workflow management tools (e.g. Jira)
Code repositories (e.g. Git)
CI/CD tools (e.g. Jenkins)

Nature of data collected

Plandek only stores metadata about the software development process and avoids storage of data which may hold sensitive IP (as such Plandek does NOT store data such as ticket descriptions, source code, commit messages, attachments or comments). Examples of metadata which Plandek may store includes information such as transitions of issues, the time of commits and pull requests and the person who performed the actions. For an exhaustive listing of data gathered, see Data Stored Per Gatherer document.

Data encryption

All access to tools such as Jira, Github, Bitbucket and CircleCI are performed over encrypted connections. Plandek uses read-only accounts and will never change data in the source systems. Our analysis is performed on short-lived Kubernetes pods and the raw data is purged once analysis is complete. For customers with specific privacy requirements, the gathering stage of the process can be run on the customer side so your intellectual property is never on Plandek servers. All data that Plandek holds is encrypted at rest and in transit.

Protection of your access credentials

All access credentials which are held are encrypted with Google Key Management Service, giving us the ability to monitor decryptions, revoke and rotate keys regularly.

Enforcing privacy between customers

The Plandek cloud platform is multi-tenant and as a consequence, we devote considerable resources to ensuring that your data can only be accessed by your team. We employ a variety of technical measures to ensure this separation including fine-grained role based permissions which are a key focus of our annual penetration tests. To date, our penetration tests have not found any weaknesses in our separation between customers.

Systems architecture and data location:

Plandek has been architected to offer cloud and on-premise data-gatherer solutions.

Plandek standard systems architecture summary

Data Tenancy

Plandek holds all data in the Google Cloud Platform Belgium region. Metric data is stored in Elastic Cloud in the same Google Cloud region.

Gathering

Plandek’s gatherers run on clients’ servers and connect to the APIs exposed by client services. They fetch raw data, which is stripped down to the minimal amount of metadata required to power the product. This metadata is then sent encrypted to Plandek’s API to be processed. This part of the system can run on-premise or in our cloud.

Processing

Processing runs on Plandek’s servers and converts the metadata into events which are used to generate the metrics that power the Plandek Web Application.

Metrics

Metrics runs on Plandek’s servers and consumes the processed data from processing and generates metric data based on it.

Web Application

Plandek’s web application is built in React, over a high performance Node.js backend. We conduct an external white box penetration test and security audit on our infrastructure and externally accessible services at least annually.

Plandek on-premise data gatherer option

Plandek offers clients the option of an on-premise data gatherer. This option ensures that sensitive data (received automatically via the connected APIs and not required by Plandek) are removed from the dataset before its encrypted export into the cloud – and therefore such data never leaves the client’s network.

The Plandek data collection process is separated into several stages to ensure that your source code does not leave your network and to put minimal strain on your services.

How it is deployed and managed

The on-premise gatherers are designed to run on a kubernetes cluster and are packaged as a docker container. This comprises of a long-running orchestrating component which communicates with Plandek’s systems and launches short-lived gathering pods on the Kubernetes cluster.

Application and data security:

Plandek is a highly secure environment

Application Security

The Plandek platform is hosted on Google Cloud Platform in Belgium. Plandek follows Google’s best practices for configuration and security. The Plandek infrastructure and software is audited and pentested by Cure53 on a regular basis and any issues that are identified are rapidly resolved. To read more about Google Cloud’s security see: https://cloud.google.com/security

Only the Plandek web application is exposed on the internet, all other resources are firewalled and only accessible via Google Cloud Identity-Aware Proxy or our VPN. The Plandek web application is only available via HTTPS, protected by TLS.

Data security

Plandek production database is Elasticsearch hosted by Elastic in Google Cloud Belgium. Elastic have an exemplary security model and we trust their ability to keep your data safe. See more about Elastic’s security here: https://www.elastic.co/cloud/security

We store our metadata cache in Google Cloud Storage using customer supplied encryption keys and configuration in Postgres, encrypted at rest.

We never store or transmit data unencrypted.

Pentests and Vulnerability scanning

Plandek undertakes a white box source code audit and penetration test annually with Cure53. This covers our web applications and backend services and the underlying infrastructure. We also run automated vulnerability scans to identify risks and weaknesses in our systems on a continuous basis using intruder.io

Infosec processes and procedures:

Plandek’s business processes are built around the security requirements of our enterprise clients

Employee access to customer data

No Plandek employees access client data unless it is necessary to support the service or to resolve an incident. We also respect the privacy of our customers, so when it is necessary to access client data in Plandek, we will only view the minimum amount of data necessary to resolve the issue.
Plandek limits the number of employees who have the ability to access customer data or production infrastructure to the minimum necessary to maintain and run the systems.
Plandek requires that employees with access to customer data are based in the EEA. All employees are also vetted before employment commences, and all contracts contain confidentiality clauses.

Employee systems access

All access to internal systems and tools are only possible through either a VPN or Google Cloud Identity Aware Proxy and all employee devices are encrypted. We also mandate strong passwords and 2FA for employee accounts.

Authentication

Plandek supports authentication via Auth0, either with a username and password or via your own single sign on service. Our authentication system is built using Auth0. You can read more about Auth0’s security here: https://auth0.com/security. Plandek supports fine grained role based authentication.

Protection of your access credentials

All access credentials which we hold are encrypted with Google Key Management Service.

Backups and Disaster Recovery

Plandek infrastructure covers multiple availability zones, and our databases are backed up and tested automatically daily.

Incident management

Plandek has a comprehensive and robust incident response plan for handling security incidents, from identification, to rapid mitigation to the post-mortem process.

Reporting an issue

If clients believe that they have identified a security issue, they contact security@plandek.com and the team will be in touch (within a tight SLA) to learn more about it and work with the client to reproduce and resolve the issue.

Plandek approach to GDPR and personal data security

Plandek is GDPR compliant

Plandek platform and data usage

Plandek is a cloud-based analytics platform (European Google cloud) that is used by clients to analyse their end-to-end software delivery process
Plandek works by mining data held in clients’ underlying software delivery toolsets (e.g. Jira, Git, Jenkins) to surface delivery metrics in customisable dashboards used by the client to optimise their (internal) delivery process
As such, Plandek only holds data already present in these underlying toolsets. This includes company employee names and email addresses and certain actions taken by the employees (e.g. completing a Pull Request, transitioning a ticket)
The employee data is not shared with any third-party and is only used by the client teams themselves to improve their own performance over time
Plandek allows analytical drill-down by workstream, team and individual (e.g. an individual’s Completed Tickets). However, if desired, the collection of personally identifiable information and the ability to view individuals can be disabled, so data is only visible at a team level

Plandek use of personal data and GDPR compliance

Under GDPR legislation, Plandek is deemed the Data Processor and the client remains the Data Controller
As such, Plandek’s use of personal data is fully GDPR compliant, as the client remains the Data Controller and under the terms of the Plandek T&Cs retains control of all data surfaced in the Plandek dashboards
Any personal data is used for the client’s own internal purposes only (and Plandek as Data Processor does not have the right to use the client data for its own purposes)
When Plandek is used by the client:
- A Personal Data Privacy Notice can be displayed to all users
- All personal data is encrypted, securely held and not accessible to Plandek as Data Processor without client permission
- Only existing data held within company toolsets is collated and surfaced within the Plandek dashboards (no new personal data is collected)
- The data is not shared outside the client company and is only used by the client employees themselves to self improve their own performance in the workplace

Security documentation downloads

Available to download:

Security FAQs

Covers the key questions about how Plandek handles data protection, access to data, incident management, backups & DR and pen testing.

Download

Data stored by gatherer

Details of data stored by gatherer including: Github/Bitbucket/Gitlab, JIRA, Harvest, Tempo, Forecast and CI services.

Download

On-premise data gathering

An overview of the Plandek data collection process covering: gathering, processing, metrics, and how this is deployed and managed.

Download

Information security summary

An overview of Plandek’s information security covering all the topics on this page.

Download

GDPR compliance

Details how Plandek uses personal data in compliance with GDPR.

Download

Available upon request:

Pen test audit results
Information Security Policy
Infosec Risk Management Policy

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_108016872_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	No description
debug	never	No description available.
gtm_id	1 year	No description available.
intercom-id-q1lp3uef	8 months 26 days 1 hour	No description
intercom-session-q1lp3uef	7 days	No description
li_gc	2 years	No description
prism_253562659	1 month	No description
site_identity	2 years 8 months 26 days	No description available.
sliguid	5 years	No description available.
slireg	7 days	No description available.
slirequested	5 years	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.