Trust Center

At Seibert, protecting your data isn’t just a priority – it’s a promise. 

 

On this page, you’ll get the essentials on our security standards and the steps we take to keep your data locked down tight.

ISO 27001:2022 Certified

Data protection is a cornerstone of our work at Seibert Products. Our ISO 27001:2022 certification demonstrates our commitment to the highest standards of information security management.

This internationally recognized standard confirms that we have robust policies that cover our full scope of operations, including software development, support, license trading, consulting, training, and all supporting processes aimed at improving collaboration.

It shows our dedication to keeping information safe with proven security measures, ongoing risk management, and continuous improvements across our products.

Runs on Atlassian

Many Seibert apps are ‘Runs on Atlassian’ certified, meaning they meet Atlassian’s highest standards for privacy and security. These apps are hosted entirely on Atlassian’s infrastructure, keep all data within the Atlassian environment, and give customers full control over data egress.

The ‘Runs on Atlassian’ badge makes it easy for Confluence and Jira users to identify trusted, compliant apps, so teams can add functionality with confidence and without lengthy security reviews.

Cloud Fortified

Nearly all Seibert Cloud apps are Cloud Fortified or Cloud Security Participants, proof of our commitment to timely support, reliable performance, and participation in Atlassian’s Bug Bounty Program.

Cloud Fortified apps meet all of Atlassian’s cloud security requirements and show their own investment in cloud security by participating in the Marketplace Bug Bounty program and providing complete information on the privacy & security tab of their Marketplace listing. They also meet additional requirements for reliability at scale, and a support SLA with a 24-hour response time, 5 days a week.

Transparency and Protection

Why Choose Seibert Products?

Privacy

We take compliance seriously. We provide DPAs to ensure your data is handled according to GDPR and industry standards. For more details, see our Trust Center, Cloud Apps Privacy Policy and general Privacy Policy.

Transparency

Openness is one of Seibert’s values. That’s why we document how our apps work, publish clear update notes, and keep customers informed—so you always know what’s happening behind the scenes.

Security

Security is at the core of our company.
Nearly all Seibert apps participate in the Atlassian Bug Bounty program, ensuring continuous, real-world testing against vulnerabilities.
We also subject the security of our offices and our infrastructure to external pentesting.

Processes

No improvising here: we have internal requirements for secure software development based on OWASP guidelines that are validated on a regular cycle.

Our Security Champion program also ensures security knowledge is distributed into all teams.

Stuff you probably want to know

Seibert’s DPA can be read and signed here.

Looking for more specific Data Processing Agreements?

You can easily read more about draw.io’s DPA and access it here.

You can find Aura App DPAs by product:

The apps in our portfolio use the Seibert Group EULA for Data Center or Cloud, unless a specific EULA is indicated. Here’s a quick list:

  • Seibert Group’s EULA for Atlassian Data Center can be found here.

  • Seibert Group’s EULA for Atlassian Cloud can be found here.

  • draw.io’s Atlassian Data Center EULA can be found here.

  • draw.io’s Atlassian Cloud EULA can be found here.

  • Aura Cloud’s EULA can be found here.

  • Karma’s Atlassian Cloud EULA can be found here.

  • Mantra’s Atlassian Cloud EULA can be found here.

  • Navigation Menu’s EULA for Atlassian Cloud can be found here.

  • Didit Checklist’s EULA for Atlassian Cloud can be found here.

  • Templating.app’s EULA for Atlassian Cloud can be found here.

  • Actonic apps’ EULA can be found here.

  • Jigo’s EULA for Atlassian Cloud can be found here.

As of March 2025, Atlassian Government Cloud has achieved FedRAMP Moderate Authorization, covering Jira, Confluence, and Jira Service Management. This environment is separate from Atlassian’s standard commercial cloud and is specifically designed to meet U.S. government and regulated industry requirements.

Marketplace apps, including those from Seibert Media, may be compatible with Atlassian Government Cloud, but they are not themselves FedRAMP certified unless explicitly stated. Customers that require FedRAMP compliance will generally expect apps that run directly on Atlassian Government Cloud or that adhere to additional public sector requirements (such as HIPAA or other U.S. government security standards). Our Runs on Atlassian apps run directly on Atlassian Government Cloud.

Cloud apps built on the Forge framework are already hosted by Atlassian’s infrastructure in the country you have chosen. For Cloud apps built on the Connect framework, data residency options vary.

For more details, please consult the following links:

Aura apps data residency details

Didit Checklist data residency details

draw.io data residency and data governance details

Jigo Data Residency details

Karma data residency details

Mantra data residency details

Navigation Menus data residency details

Timesheet builder data residency details

For our Connect apps, customer data is stored in Germany, under strict security and compliance standards. You can find full details in our Cloud Apps Privacy Policy.

For our Forge apps, customer data is stored in the same country as your Atlassian product.

For general information about how Seibert Group handles website data (e.g., cookies, log files, or third-party providers like Typeform and Hubspot), please refer to our data privacy page: https://go.seibert.group/seibert-group-data-privacy

Access to your data at Seibert Group is strictly controlled and managed under GDPR and internal policies. Only authorized employees and trusted subprocessors may access it for clearly defined purposes, with role-based controls, secure environments, and confidentiality obligations in place. You also retain full rights over your data—including access, correction, deletion, and objection—which you can exercise anytime by contacting our data protection team. For assistance, contact gdpr@seibert.group.

 

Seibert Group maintains ISO/IEC 27001 certification, which requires annual renewals and full recertification every three years. Our security policies are regularly reviewed and updated to reflect changes in technology, applicable regulations such as GDPR, and emerging security risks. In addition, we conduct formal internal and external audits at least annually to ensure compliance with current best practices and international standards.

Our complete Data Privacy page can be found here. We reserve the right to change this policy without notice at any time when it becomes necessary due to changes in data protection laws or for corporate reasons.

If you have any questions regarding the collection, processing or use of your personal data, or wish to request information or to correct, block or delete data – where permitted by law – please contact us:

Seibert Group GmbH

Luisenstrasse 37-39

65185 Wiesbaden

Representatives:

Joachim Seibert, Martin Seibert and Sebastian Martini

Contact: datenschutz@seibert.group

 

Data protection officer

You can contact our data protection officer by e-mail at dsb@seibert.group or by mail at the above address, addressed to “The Data Protection Officer”.

Any questions? We’re happy to help!

Reach out to us through our contact page, or via a help portal for more information.