See https://support.esign-app.com for eSign Documentation and Support
Data Residency and Access Transparency Policy
All persistent eSign data (e.g. Signatures) resides ONLY within each Customer’s host Jira instance (e.g. https://<customername>.atlassian.net). See the following Atlassian support article on data residency for host Jira instances (https://support.atlassian.com/security-and-access-policies/docs/understand-data-residency-and-realms/).
In operation, eSign requires temporary access to Jira Host instance data to implement electronic signature functionality. This information is retrieved via the Atlassian Jira API (encrypted in transit) and used temporarily by eSign during signature processing; it is not permanently stored.
The eSign processing servers are hosted securely by AWS. The eSign processing servers are hosted securely by AWS. See ISO Certified for more information on AWS security compliance and accreditation.
The following table identifies the Jira data that is accessed temporarily by the eSign servers and why each is necessary.
Jira API | Fields Accessed (Not Stored) | Purpose |
---|---|---|
Jira Configuration | Project name, enabled Issue Types, defined User Fields and allowed Issue States | eSign workflow controls allow restricting Signatures to User Fields. The list of defined User Fields is retrieved for eSign Configuration (e.g. Reporter, Assignee, Custom). eSign allows restricting Signature function by Issue State (e.g. Open/In Progress) Project display name and issue types are displayed on the Verification Report |
Issue Data | Project, Issue Status, User Fields (subset) | Issue Status is required to enforce workflow status restrictions configured at the project level. The contents of User fields configured in eSign as restricted User Fields are accessed to determine if the current user is permitted to execute a signature on that issue. |
Issue Data | Issue Type, Summary, Description, Attachments | Signature verification requires a cryptographic link to the contents of the issue. The Issue Summary, Description and Attachment (metadata) is hashed into a checksum that is stored with each executed signature. This checksum is used during signature verification to detect if issue contents or attachments were changed after signing. |
User Data | Display Name, Time zone and Locale, E-mail Address | The user name, time zone and locale are retrieved to populate the signee name and local date/time for the electronic signature. |
Data Processing Locations
eSign for Jira has multiple data processing locations. Customers have the option to “Pin” their eSign app location to one of the following locations via Atlassian Security administration. Once pinned, the eSign server(s) in that location will perform all signature processing for that cloud site.
Note that eSign does not permanently store any end-user data outside of the Atlassian cloud. Processing “closer” to the cloud site can provide the following benefits.
For customers with regional compliance requirements, pinning the location to within a specific region ensures that signature data processing occurs within that region.
Customers with Atlassian cloud sites located closer to the EU will notice faster response time when working with eSign as compared to the US hosted location.
See this Atlassian article for more information on Data Residency. Data Residency: Manage Where Your Data is Hosted | Atlassian. Pinning apps is available within admin.atlassian.com
Location | eSign Hosted Region (AWS) |
---|---|
Default | US (East) |
European Union | Europe (Frankfurt) |
Germany | Europe (Frankfurt) |
USA | US (East) |