Data Practices

We believe you should know exactly what data we access, what we store, and what we never touch. This page is our commitment to full transparency.

No source code. No message text. No ticket descriptions. Ever.

Read-Only Access

All integrations use read-only permissions. Systemi never writes data back to your Jira, GitHub, or Slack.

Minimal Data Collection

We only store metadata needed to compute metrics. No source code, no message text, no ticket descriptions.

Tenant Isolation

Every organization has fully isolated data. Database queries are scoped per-tenant. No cross-organization access is possible.

Self-Hosted Option

For maximum control, deploy Systemi on your own infrastructure. Your data never leaves your network.

Encryption Everywhere

TLS 1.2+ in transit, AES-256 at rest. API credentials are encrypted before storage. Sessions are cryptographically signed.

Full Transparency

This page documents exactly what we access, store, and discard for each integration. No hidden data collection.

Jira

Read-only API access via API token

What We Access

  • Issue metadata (key, type, status, priority, story points)
  • Issue timestamps (created, updated, resolved, started)
  • Issue assignee and reporter IDs
  • Status change history (changelog)
  • Board and project configurations
  • Labels and components

What We Store

  • Issue key, type, status, priority, story points
  • Timestamps for all status transitions
  • Assignee mapping (Jira account ID linked to contributor)
  • Board names and project keys
  • Labels and component names

What We Never Access

  • Issue descriptions or comment text
  • Attachments or embedded files
  • Confluence pages or wikis
  • User passwords or personal settings
  • Billing or account administration data

GitHub

Read-only access via Personal Access Token or GitHub App

What We Access

  • Pull request metadata (title, author, reviewers, status, timestamps)
  • PR review timeline (first review, approval, merge times)
  • PR size metrics (additions, deletions, changed files)
  • Commit metadata (SHA, author, timestamp, file change counts)
  • Repository names and configurations

What We Store

  • PR title, state, author, review timestamps
  • Lines added/deleted and files changed (counts only)
  • Commit SHA, author name, timestamp, change counts
  • Repository name, owner, and default branch

What We Never Access

  • Source code contents or file diffs
  • Repository secrets or environment variables
  • GitHub Actions workflows or logs
  • Issue or PR comment text
  • Organization billing or member settings
  • Private SSH keys or deploy keys

Slack

Bot token with channels:read, channels:history, channels:join (needed so the bot can join public channels and read messages), groups:read, groups:history, users:read, users:read.email; reactions:read optional for reaction counts

What We Access

  • Channel names, topics, and member counts (workspace directory; admins may limit which channels are synced)
  • Message timestamps and thread structure (within a configurable lookback window; thread replies optional, with optional per-run cap on how many threads are expanded per channel)
  • User mentions and channel mentions within messages
  • Jira key references (e.g., PROJ-123) found in messages
  • GitHub URL references found in messages
  • Reaction counts and attachment presence
  • User profiles (name, email for contributor matching)

What We Store

  • Channel name, ID, and member count
  • Message timestamp, thread ID, and whether it is a reply
  • Mentioned user IDs and channel IDs
  • Extracted Jira keys and GitHub URLs (cross-references only)
  • Reaction count per message and attachment flag

What We Never Access

  • Message text content (extracted then immediately discarded)
  • Direct messages or private group messages
  • File uploads or shared documents
  • Slack Connect channels with external organizations
  • User passwords or Slack workspace settings
  • Emoji custom definitions or workspace customizations

How Data Flows Through Systemi

1

API Call

Systemi makes a read-only API call to your Jira, GitHub, or Slack instance.

2

Extract Metadata

We extract only the metadata fields needed for metric computation.

3

Discard Sensitive Data

Source code, message text, and descriptions are immediately discarded.

4

Compute & Store

Metrics are computed and only structured metadata is stored in your isolated tenant database.

Deployment Options

Cloud (SaaS)

Get started in minutes. We host everything — you just connect your tools and go. Encrypted, isolated, and always up to date.

  • Instant setup — no infrastructure needed
  • Automatic updates and maintenance
  • TLS 1.2+ and AES-256 encryption
  • Per-organization data isolation
  • Available on Free, Team, and Business plans

On-Premise / Self-Hosted

Enterprise

Deploy Systemi on your own infrastructure. Your data never leaves your network. Distributed as a Docker image — no source code exposure.

  • Data stays 100% on your infrastructure
  • Deploy via Docker on any cloud or bare metal
  • Your own PostgreSQL database
  • Only outbound traffic: API calls to Jira/GitHub/Slack
  • Full firewall and network audit control
  • Priority support and dedicated onboarding

Have security questions?

We're happy to complete your security questionnaire, join a call with your InfoSec team, or provide additional documentation.

Contact UsSecurity Overview