Help

Personal data protection

There are several regulations that are enforced by various governing bodies that define rules for the protection of personal data. One of the latest is the European Union’s General Data Protection Regulation (GDPR). This regulation applies to the storage and processing of information that can be used to identify an individual, whether directly or indirectly.

Due to GDPR, users can download their personal data and request to erase it.

Types of personal data

Since the License Vault requires authorization through JetBrains Hub, it collects some personal data. Moreover, due to this integration data is collected by both License Vault and JetBrains Hub.

  • The License Vault itself stores the end user's information: username (login email), IP addresses, machine ID, and OS hostname. It also stores some usage statistics: product codes, versions, build numbers and allocated licenses statistics to make reports.

  • JetBrains Hub collects some personal data to identify users, specifically full name, login, email address, and other user information. To view the full list with descriptions, see Personal Data in Hub. Some data stored in JetBrains Hub is also connected to the License Vault directly, namely group memberships.

Data access and encryption

License Vault Databases are only available within a trusted subnet without public access. Access is controlled by IAM policies.

We encrypt data both at rest and in transit.

  • Data at rest is stored in an encrypted RDS instance on AWS. Backups and snapshots are also stored using AWS services and encrypted. To find more information on RDS encryption, see Amazon documentation regarding this topic.

  • When data is in transit between application code and RDS instances, it is also encrypted. We use SSL connections to ensure security, plain unsecure connections are prohibited.

Connections

IDEs that you use only establish temporary connections to License Vault. License Vault establishes connections:

  • With the JetBrains HUB instance associated with your account to acquire authenticated user details.

  • With account.jetbrains.com to acquire up-to-date license information.

See the diagram below to better understand what connections are established when using License Vault.

License Vault connections diagram
  • 1. IDE establishes connection to License Vault

  • 2. IDE opens browser to perform authentication

  • 3. JetBrains HUB opens to perform company authentication

  • 4. User authenticates with company authentication provider

  • 5. IDE connects to License Vault using authentication token from JetBrains HUB

  • 6. License Vault verifies the token with JetBrains HUB

  • 7. License Vault provides a license to IDE

  • R. IDE periodically refreshes authentication token

Regions

Both License Vault and RDS instances are located in the eu-west-1 region in AWS. JetBrains Hub data is also stored in the eu-west-1 region.

See JetBrains Privacy Policy to learn more. If you have any questions related to personal data protection, please contact us at privacy@jetbrains.com.

Last modified: 17 November 2022