Data Security and Privacy Statement
Overview
This document is in addition to the 55 Degrees Privacy document and the Customer Agreements for Jira Cloud or OnPrem products (including the DPA) provided by 55 Degrees. It explains how ActionableAgile™️ Analytics for Jira stores the data it captures. This document will be updated as new features are added.
Data storage terms and data storage location
The app retrieves data from the customer Jira instance (for example yourinstance.atlassian.net) using the Atlassian provided rest API. Once retrieved, a subset data is stored in the local browser using DOM localStorage in order to improve any future data retrievals. The end-user can at any time empty the localStorage through the User Interface.
Configurations:
Jira Cloud: User configurations are stored in the user’s properties in Jira. For collaborative features such as shared data sets, we store configuration data in AWS. We only store minimal configuration information for creating queries and never any of your Jira issue data.
Jira Data Center: all configurations, user or collaborative, are stored within your Jira instance.
We DO NOT export and store your Jira issue data - EVER.
Please read the product documentation for further details.
Hosting Vendors
Jira Cloud: At this time, 55 Degrees utilizes two vendors to host the functionality within ActionableAgile Analytics for Jira:
DigitalOcean (utilizing the Frankfurt and Amsterdam DataCenters)
Amazon AWS (S3 Global)
Jira Data Center: All actions happen on your local instance and the user's browser.
Logging Vendors
Jira Cloud: We make use of sentry.io to collect any javascript errors in the browser. For more details about their security & legal statements - please see https://docs.sentry.io/product/security/
Jira Data Center: At this time, we do not collect any logs in an automated fashion and rely on the user to assist in any troubleshooting.
Product Analytics Vendors
Jira Cloud: We make use of http://mixpanel.com to gather anonymous, aggregate product usage analytics. If a user consents, we may gather user-specific product usage analytics. All the data collected is subject to our privacy policies.
Jira Data Center: At this time, we do not collect product usage analytics.
In-App Messaging Vendors
Jira Cloud: We utilize a vendor called Product Fruits (EU-based) to provide in-app messaging and help. The service gathers pseudonymized information to count unique monthly active users and interactions with the messaging provided via the service. If a user consents, we may gather additional information in order to create user segments that allow us to give more targeted messaging to the right users in the right place at the right time in order to help them achieve the most value out of the app. All the data collected is subject to our privacy policies.
Jira Data Center: At this time, all messaging done in OnPrem instances is hard coded into our app.
Account removal and data retention
This section explains how a customer can close an account and completely remove their data from our service.
Jira Cloud: A customer can uninstall the app from their Jira instance. Any data stored on the user object will continue to persist on the user entity in Jira Cloud’s database. Configuration data stored in AWS will be deleted according to our data retention policies.
Jira DataCenter: There is currently no data stored externally.
Any data stored in the browser's localStorage (for performance reasons) will persist in the browser until the user enters into the ActionableAgile app, at which point it may be expired due to timeliness OR the end-user may choose to clear the localStorage manually.
At any time, the end-user may choose to use the browser controls to clear the localStorage outside of the user interface.
Please read the product documentation for further details.
Data portability
This section explains if and how a customer can extract their data from your service.
The ActionableAgile for Jira app does not create any new data but rather analyses and visualizes it. Because of this, there is no data stored on our services. Configuration data may be stored and is possible to be migrated. Please contact us at support@55degrees.se for more details.
Please read the product documentation for further details.
Application and infrastructure security
This section explains what security measures we've taken in our application and infrastructure.
The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.
Only authorized 55 Degrees employees to have access to customer data.
Customers are responsible for maintaining the security of their own Confluence and JIRA Cloud login information.
Communication between the Cloud products and the 55 Degrees servers is done using web requests. All web requests are digitally signed, authenticated, and authorized.
55 Degrees' servers are only accessible through secure protocols (e.g. https and/or ssh).
Please read the product documentation for further details.
Security disclosure
This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities and indicate how a user or security researcher should disclose a vulnerability found in our add-on to us.
Security breaches or vulnerabilities with the proposed solution of the problem are published on the Security Advisories page in our documentation.
Critical vulnerabilities are communicated out to technical contacts of the affected products and to anyone subscribed to the Alerts, Advisories, & Policy Updates mailing list. You can sign up for this mailing list at https://55degrees.se/subscribe.
Customers can report security breaches or vulnerabilities via email to support@55degrees.se.
Please read the product documentation for further details.
Privacy
Data collected during the use of our add-on will not be shared with third parties except if required by law.