Data Security and Privacy Statement

Overview

This document is in addition to the 55 Degrees Privacy document, the 55 Degrees Atlassian App EULA and the DPA(available upon request) provided by 55 Degrees and explains how Inspekt for Jira stores the data it captures. This document will be updated as new features is added to Inspekt.

Data storage terms and data storage location

Inspekt for Jira stores data in the customer Jira instance (for example yourinstance.atlassian.net) using Content Properties.
In addition to this, 55 Degrees maintains a database that contains basic information about the instances using our preferred vendors (see below).
All customer specific data that is calculated/derived from customer data is stored on the Jira instance.
We do not store any user data(personal information or any similar data) in either the Jira instance or in the 55 Degrees database).
Please read the documentation of the product for further details.

Backups

This section explains our backup and recovery policy for customer data.

The 55 Degrees database is backed up using technologies provided by the appropriate vendor.
Backups are done once a day and are purely for disaster recovery purposes.
Backups are removed after 35 days.

Preferred Vendors

At this time, 55 Degrees utilizes 2 vendors to provide the functionality of Inspekt for Jira:

DigitalOcean (utilizing the Frankfurt and London DataCenters)
Amazon AWS (Nordic region)

Account removal and data retention

This section explains how a customer can close an account and completely remove their data from our service.

A customer can uninstall the Inspekt for Jira app from their Jira instance. At this point, any data contained with the 55 Degrees database is removed.
Any calculated data (Flow efficiency per issue, issue type) persists in the Jira instance until the issue and/or project is deleted.
Customer account information is retained by 55 Degrees for 30 days, after this period account information is unrecoverable deleted.
Please read the documentation of the product for further details

Data portability

This section explains if and how a customer can extract their data from your service.

Any data that is stored on the Jira instance can be retrieved using Atlassian provided rest api calls to request the content properties on the associated issues. The content properties are name spaced using lagom-.
Please read the documentation of the product for further details.

Application and infrastructure security

This section explains what security measures we've taken in our application and infrastructure.

The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.
Only authorized 55 Degrees employees have access to customer data.
Customers are responsible for maintaining the security of their own Confluence and JIRA Cloud login information.
Communication between the Cloud products and the 55 Degrees server's are done using web requests. All web requests are digitally signed, authenticated and authorized.
55 Degrees' servers is only accessible through secure protocols (e.g. https and/or ssh).
Please read the documentation of the product for further details.

Security disclosure

This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities and indicate how a user or security researcher should disclose a vulnerability found in our add-on to us.

Security breaches or vulnerabilities with the proposed solution of the problem are published on our website.
Customers can report security breaches or vulnerabilities using support@55degrees.se e-mail address.
Please read the documentation of the product for further details.

Privacy

Data collected during the use of our add-on will not be shared with third parties except if required by law.