Data Security and Privacy Statement
Overview
This document is in addition to the 55 Degrees Privacy document, the 55 Degrees Product EULA and the DPA (available upon request) provided by 55 Degrees and explains how Portfolio forecaster stores the data it captures. This document will be updated as new features are added to Portfolio forecaster.
Data storage terms and data storage location
Portfolio forecaster retrieves data from the customer Jira instance (for example yourinstance.atlassian.net) using the Atlassian provided rest API.
We store configuration, computed data for the simulations on our servers. For more information - please see More about what we store in AWS . All data is stored encrypted at rest and transfer.
Please read the product documentation for further details.
Preferred Vendors
Amazon AWS (for compute and storage)
Pusher.com (for in app notification of when simulations have been processed).
Logging
Jira Cloud: We make use of sentry.io and Datadog to collect any javascript errors in the browser. For more details about their security&legal statements - please see https://docs.sentry.io/product/security/ and https://www.datadoghq.com/legal/
Product Analytics Vendors
Jira Cloud:
We make use of http://mixpanel.com to gather anonymous, aggregate product usage analytics.
If a user consents, we may gather user-specific product usage analytics.
Even when a user consents, we store a hashed version of their Jira User ID as we have no need to identify the specific user, only to know that the actions resulting from that user belong to an individual.
All the data collected is subject to our privacy policies.
Jira Data Center: At this time, we do not collect product usage analytics.
In-App Messaging Vendors
Jira Cloud:
We utilize a vendor called Product Fruits (EU-based) to provide in-app messaging and help. The service gathers pseudonymized information to count unique monthly active users and interactions with the messaging provided via the service.
If a user consents, we may gather additional information in order to create user segments that allow us to give more targeted messaging to the right users in the right place at the right time in order to help them achieve the most value out of the app.
All the data collected is subject to our privacy policies.
Account removal and data retention
This section explains how a customer can close an account and completely remove their data from our service.
A customer can uninstall the app from their Jira instance. Data stored in AWS will be deleted according to our data retention policies.
Please read the product documentation for further details.
Application and infrastructure security
This section explains what security measures we've taken in our application and infrastructure.
The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.
Only authorized 55 Degrees employees to have access to customer data.
Customers are responsible for maintaining the security of their own Confluence and JIRA Cloud login information.
Communication between the Cloud products and the 55 Degrees servers are done using web requests. All web requests are digitally signed, authenticated, and authorized.
55 Degrees' servers are only accessible through secure protocols (e.g. https and/or ssh).
Please read the product documentation for further details.
Security disclosure
This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities and indicate how a user or security researcher should disclose a vulnerability found in our add-on to us.
Security breaches or vulnerabilities with the proposed solution of the problem are published on our website.
Customers can report security breaches or vulnerabilities using support@55degrees.se e-mail address.
Please read the product documentation for further details.
Privacy
Data collected during the use of our add-on will not be shared with third parties except if required by law.