Personal data protection
Several regulations, enforced by various governing bodies, define rules for the protection of personal data. One of the latest is the European Union’s General Data Protection Regulation (GDPR). This regulation applies to the storage and processing of information that can be used to identify an individual, whether directly or indirectly.
Types of personal data
Since the License Vault requires authorization through JetBrains Hub, it collects some personal data. Moreover, due to this integration, data is collected by both License Vault and JetBrains Hub.
The License Vault itself stores the end user's information:
machine ID, and
OS hostname.
It also stores some usage statistics:
allocated licenses,
statistics to make reports.
JetBrains Hub collects some personal data to identify users, specifically
email address, and other user information.
To view the full list with descriptions, see Personal Data in Hub. Some data stored in JetBrains Hub is also connected to the License Vault directly, namely
Data access and encryption
License Vault databases are only available within a trusted subnet without public access. Access is controlled by IAM policies.
We encrypt data both at rest and in transit.
Data at rest is stored in an encrypted RDS instance on AWS. Backups and snapshots are also stored using AWS services and encrypted. For more information on RDS encryption, see the Amazon documentation on this topic.
Data in transit between application code and RDS instances is also encrypted. We use SSL connections to ensure security; plain, unsecured connections are prohibited.
IDEs that you use only establish temporary connections to License Vault. License Vault establishes connections:
With the JetBrains Hub instance associated with your account to acquire authenticated user details.
With account.jetbrains.com to acquire up-to-date license information.
See the diagram below to better understand what connections are established when using License Vault.
1. IDE establishes connection to the License Server
2. IDE opens browser to perform authentication
3. JetBrains HUB opens to perform company authentication
4. User authenticates with company authentication provider
5. IDE connects to the License Server using authentication token from JetBrains HUB
6. License Server verifies the token with JetBrains HUB
7. License Server provides a license to IDE
R. IDE periodically refreshes authentication token
Both License Vault and RDS instances are located in the eu-west-1 region in AWS. JetBrains Hub data is also stored in the