TicketLog's application and data storage is hosted on Microsoft Azure servers in Netherlands. This data includes application data, configuration settings, tokens, and caches. As system administrators, we have access to this data. For user login management we use Azure AD B2C, which is a special instance of Microsoft's Azure Active Directory service to manage federated logins. Our Azure AD B2C server is hosted in the United States. As system administrators, we have access to the list of login email addresses, but not to passwords as they are hashed. For ticket data, we do not capture or store ticket Descriptions, Comments, or most other fields. We fetch these details via Azure DevOps API's on each request. However, we do cache each ticket's Title and State field to improve system performance on list screens. We can disable this cache if requested, but this will impact performance. Data is stored in a multi-tenant database, however with our limited data capture the potential for personal data exposure during an adverse event is remote. For Azure DevOps (ADO) integration, we recommend customers setup a dedicated integration account in ADO. For example, ticketlog@yourcompany.com. Customers can place restrictions on this account to limit which ADO project(s) TicketLog can interact with. We do not store the password for this integration - each connection must be authorized during setup, which provides us with an access token scoped only for the requested functions. These functions do not include user management functions, which limits the potential for privilege elevation via this access point. Customers can deauthorize their integration account at any time from the Azure DevOps portal.

Last updated: 2024.06.14