Data Security and Privacy Statement
Overview
This document is in addition to the 55 Degrees Privacy document, the 55 Degrees Cloud Products Agreement, and the DPA provided by 55 Degrees and explains how ActionableAgile Analytics stores the data it captures. This document will be updated as new features are added to ActionableAgile.
Data storage terms and data storage location
Your company's subscription data
All subscription data (including PII related to the account holder) is stored in our subscription system, Recurly.
55 Degrees does not have access to the full credit card data in Recurly but does have access to see some information such as the name of the cardholder, last four digits, expiration date, and billing address.
We keep data on your subscription, including information about the subscriber and any additional billing contacts, so we can administer your account.
Information about this subscription is also sent to our CRM and our Customer Success tools so that we can manage the relationship with current and prospective subscribers.
Please read the product documentation and our sub-processor page for further details.
End-User Authentication
We use Google Firebase for user authentication and authorization. We have access to the following for each account created at https://analytics.actionableagile.com in order to provide service to our users:
Identifier (Email Address)
Authentication Provider (User/Password or Google Authentication) but no access to actual user passwords
Created Date
Last logged in date
Unique User ID
We map the Firebase user IDs to the subscription and store this mapping in our database. This is how we connect a subscription to an authorized user.
Please read the product documentation and our sub-processor page for further details.
Your company's work data
ActionableAgile Analytics retrieves data from the systems you connect to via our wizards or via an upload of an external file. Once retrieved, the data is stored in the local browser using DOM localStorage in order to improve any future data retrievals. The end-user can at any time empty the localStorage through the ActionableAgile User Interface.
If an end-user uses our OAuth wizards to connect to your work management systems, we retrieve the access token from the OAuth authentication system and store it in an encrypted form in our AWS database for the OAuth token validity time. Once the validity time is reached, the token is automatically purged.
At no point is your company's work data retrieved from connected systems and stored on any 55 Degrees servers or databases.
Please read the product documentation and our sub-processor page for further details.
Preferred Vendors
At this time, 55 Degrees utilizes three vendors to provide the functionality within ActionableAgile Analytics:
Google: Google Firebase (Function-as-a-service and Firestore services).
AWS: CloudFront, Lambda, Database, and API Gateway
Recurly (subscription management)
Logging
We use sentry.io to collect any JavaScript errors in the browser. For more details about their security and legal statements, please see https://docs.sentry.io/product/security/
Account removal and data retention
This section explains how a customer can close an account and remove their data from our service.
Customers can cancel their subscription to ActionableAgile Analytics and control their billing information. Canceling your subscription sets it to expire at the end of your current billing period. Your account stays open in Recurly, our subscription management system, to allow for easy future subscription purchasing and access to your billing documents.
We can close accounts upon request if all business is concluded with a customer. Even for closed accounts, we maintain the minimum level of required information for tax and accounting purposes according to Swedish law.
Any data stored in the browser's localStorage (for performance reasons) will persist in the browser until the user enters the ActionableAgile app, at which point it may be expired due to timeliness, or the end-user may choose to clear the localStorage manually.
At any time, the end-user may choose to use the browser controls to clear the localStorage outside of ActionableAgile's user interface.
Please read the product documentation for further details.
Data portability
This section explains if and how a customer can extract their data from our service.
The ActionableAgile Analytics app does not create any new data but rather analyses and visualizes it. Because of this, there is no data stored on our services to extract.
Please read the product documentation for further details.
Application and infrastructure security
This section explains what security measures we've taken in our application and infrastructure.
The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.
Only authorized 55 Degrees employees can access customer subscription data and usage logs.
Customers are responsible for maintaining the security of their own login information.
Communication between the Cloud products and the 55 Degrees servers is done using web requests. All web requests are digitally signed, authenticated, and authorized.
55 Degrees' servers are only accessible through secure protocols (e.g., HTTPS and/or ssh).
Please take a look at our Trust page and read the product documentation for further details.
Security disclosure
This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities, and how a user or security researcher should disclose to us a vulnerability found in our add-on.
Security breaches or vulnerabilities, together with the proposed solution to the problem, are published on our website.
Customers can report security breaches or vulnerabilities via our support portal.
Please read the product documentation for further details.
Privacy
Data collected during the use of ActionableAgile will not be shared with third parties unless required by law. Please see our privacy statement.