Data Security and Privacy Statement

Owned by Daniel Wester
Last updated: Jun 18, 2021 by Julia Wester

Overview

This document is in addition to the 55 Degrees Privacy document, the 55 Degrees App EULA and the DPA (available upon request) provided by 55 Degrees and explains how ActionableAgile for Azure DevOps stores the data it captures. This document will be updated as new features are added to ActionableAgile.

Data storage terms and data storage location

  • ActionableAgile for Azure DevOps retrieves data from the systems you connect to via our wizards or via an upload of an external file. Once retrieved, the data is stored in the local browser using DOM localStorage and/or sessionStorage in order to improve any future data retrievals. The end-user can at any time empty the localStorage and SessionStorage through the ActionableAgile User Interface.

  • At no point is any customer-specific data retrieved and stored on any 55 Degrees servers (with the exception of subscriber data - see below).

  • We do not store any user data (personal information or any similar data) in the 55 Degrees database (with the exception of subscriber data - see below).

  • Please read the product documentation for further details.

Subscription data and data storage

  • All of subscription data (PII related to the account holder) is stored in our subscription system, Recurly. 55 Degrees does not have access to the full credit card data in Recurly but does have access to see some information such as name of cardholder, last 4 digits, expiration date and billing address.

  • We map the Azure ID to the subscription and store this mapping in 55 Degrees. Azure IDs are only resolvable at the time of page request to verify access or to show the subscription owner any managed users. Read more.

Preferred Vendors

At this time, 55 Degrees utilizes 2 vendors to provide the functionality within ActionableAgile for Azure DevOps:

  • Google Firebase (Function-as-a-service and firestore services)

  • Recurly (subscription management)

Logging

We make use of sentry.io to collect any javascript errors in the browser. For more details about their security & legal statements - please see https://docs.sentry.io/product/security/

Account removal and data retention

This section explains how a customer can close an account and remove their data from our service.

  • A customer can cancel their subscription to ActionableAgile and control their billing information. Canceling your subscription sets it to expire at the end of your current billing period. Your account stays open in Recurly, our subscription management system, to allow for easy future subscription purchasing and access to your billing documents. We can close accounts if all business is concluded with a customer. Even for closed accounts we maintain required information for tax and accounting purposes according to Swedish law.

  • Any data stored in the browsers localStorage (for performance reasons) will persist in the browser until the user enters into the ActionableAgile app at which point it may be expired due to timeliness OR the end-user may choose to manually clear the localStorage.

  • At any time the end-user may choose to use the browser controls to clear the localStorage outside of ActionableAgile’s user interface.

  • Please read the product documentation for further details.

Data portability

This section explains if and how a customer can extract their data from your service.

  • The ActionableAgile Analytics app does not create any new data but rather analyses and visualizes it. Because of this there is no data stored on our services.

  • Please read the product documentation for further details.

Application and infrastructure security

This section explains what security measures we've taken in our application and infrastructure.

  • The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.

  • Only authorized 55 Degrees employees to have access to customer subscription data and usage logs.

  • Customers are responsible for maintaining the security of their own login information.

  • Communication between the Cloud products and the 55 Degrees servers are done using web requests. All web requests are digitally signed, authenticated, and authorized.

  • All deployments are handled through a central CI/CD change and are only accessible through secure protocols (e.g. https and/or ssh).

  • Please read the product documentation for further details.

Security disclosure

This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities and indicate how a user or security researcher should disclose a vulnerability found in our add-on to us.

  • Security breaches or vulnerabilities with the proposed solution of the problem are published on our website.

  • Customers can report security breaches or vulnerabilities using support@55degrees.se e-mail address.

  • Please read the product documentation for further details.

Privacy

Data collected during the use of ActionableAgile will not be shared with third parties except if required by law.