Customers, data & transparency are at our core
Athenian has a customer-first, data-centric and transparent culture of high standards. Our values are reflected in our product, in how we operate and in those we choose to work with. We value the quality, security & privacy of your data as much as you do. That is by design and we are proud of it.
Engineered to keep you safe
You choose which repositories and Jira projects Athenian tracks. Athenian asks only for the essential permissions.
Athenian calculates metrics from the metadata.
Athenian never clones repositories or stores source code.
All data is encrypted when in transit and at rest.
Athenian does not store user authentication data.
Athenian infrastructure runs on Google Cloud Platform. We run the latest patches, inside a private network, with strict access permissions.
Athenian is SOC 2® Type 2 compliant.
All providers are SOC 1/2/3, ISO 27001 and/or PCI compliant.
Secure, compliant and transparent, inside out
SOC 2® Type 2 compliant
Athenian is formally attested AICPA Service Organization Controls SOC 2® Type 2 compliant by an independent audit firm with 100+ years of tradition. In addition, Athenian is monitored in real-time for its security controls by security compliance platform Vanta. SOC 2® Type 2 reports assess how securely user data is managed based on service and organizational controls that operate continuously, according to AICPA trust services criteria evaluating security, availability, processing integrity, confidentiality, or privacy over information and systems.
GDPR & Data Protection compliant
GDPR regulates a series of data protection principles related to lawfulness, fairness & transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity & confidentiality; and accountability.
Your data is secure at every step
Data confidentiality goes further than technology. It is about choice, transparency and responsibility.
We only request what is needed, and always let you know beforehand. You choose what to share, and can always opt out.
We process & store as little data as possible to provide you a great product. When we must do so, we keep it truly secured and isolated.
Your data, your choice
Responsible permissions: You choose which repositories and projects to opt in & out. We only have read permissions, never write. We only request permissions that are essential.
No source code: We do not use your source code, nor do we clone or store code repositories. We only use metadata to calculate your metrics and filter out any code that may be there.
Opt-out and data removal: You can opt repositories or projects out at any point. Athenian purges or archives data according to customer requests or legal and regulatory mandates.
Secure and confidential
Secure access: Users identify & authenticate via Auth0 (ISO 27001, SOC 2, PCI) using GitHub (2FA, SOC 1/2/3, PCI) or SAML. We don't store any personal information.
Encryption in transit and at rest: All data in transit is encrypted using TLS. All data is stored using AES-256 or better, with encrypted & rotated symmetric keys.
Solid infrastructure: Athenian runs on Google Cloud Platform (ISO 27001, SOC 1/2/3, PCI). The environment is isolated and firewalled, IP-filtered, VPC/VPN with ACL. Instances are always up-to-date, and configured with scalability, redundancy & backups.
Confidential and isolated: All customer data is at the most strict level of our internal Data Classification Policy. Your data is never used for development: we use mock & our own data in isolated dev & QA environments.
Built with care and transparency
Contexts change, your problems evolve. So do their solutions in our product. We rely on a rigorous process to deliver the features you need while keeping new bugs at bay. And we act swiftly when necessary.
Our transparency puts you on top of things from day one. We want your partnership to build you a great product.
Built with care
Safe changes: Prior to reaching production, changes are made in code branches and go through code review, testing, CI/CD and QA steps, involving multiple people and separate environments with no customer data.
Traceability: We version-control our source code and infrastructure via Git & GitHub and have logs of the versions and individuals involved.
Reliability: Incidents are communicated, logged and tracked down to resolution via a priority workflow; rollback procedures are available.
Vulnerabilities: Monitored internally by the team and automation (Vanta, Snyk, GCP Container Analysis, Dependabot, Semgrep and more) and externally via independent penetration testing and according to our Vulnerability Disclosure Policy.
Secure systems, a reliable product, responsible procedures and transparent terms are invaluable means to build and maintain trust. Yet ultimate trust only comes when you know you can trust the people standing behind an organization and its product. We at Athenian take extra steps to ensure that we, as well as those we work with and rely upon, are held to these high standards, to deliver you the product you truly trust.
People you can trust
Leadership: The executives of Athenian are directly involved in security & compliance to ensure we stand by our values in practice.
Team: Team members are screened for our values, background-checked, sign confidentiality agreements on hire and must follow strict policies on digital and physical information security; violations may lead to consequences up to termination.
Permissions: Strict policies provide access on a least-permissions, per-role basis. They are reviewed and revoked on a regular schedule and per event.
Secure access: The company provides secure workstations, security training, and best practices to the team. 2SV-enabled G Suite SSO ensures identity & authentication.
Trusted third-party providers: Auth0 (ISO 27001, SOC 2, PCI). Google Cloud (ISO 27001, SOC 1/2/3, PCI). GitHub (SOC 1/2/3, PCI). Atlassian (SOC, ISO 27001, PCI).
Trusted payment processor: Stripe (PCI certified, TLS encrypted). No payment information is ever stored by Athenian.
Vendor assessment: All vendors and providers are individually filtered based on their reputation, security, data permissions and risk added or mitigated.