©2017 by AGILIST.Ai Pty Ltd

DATA SECURITY AND PRIVACY

Transparency and confidence

 

INFORMATION ON DATA SECURITY AND PRIVACY

What is accessed

  • Applicaiton uses Atlassian Connect REST API over users’s session. The user can access only data that he/she are permissioned to see in Jira itself.

  • All processing (for instance presentation in the grid, analysis of issue links, etc) is done within the client browser session; There is NO logic at all on the server side; Server only has database controllers for retrieving stored preferences


What data is stored

The following data is stored:

  • Add-on configuration options

  • Audit records of processed batch transactions

  • Personal preferences are maintained only by storing a non-identifiable account ID. Any personal information (names, emails, etc.) are NOT stored.

  • Jql query strings (this is stored for user convenience and used to build a grid of data for various functional purposes, such as a timeline Gantt) ; all jql strings are hashed with a salt in the database

  • In the case of a timeline Gantt, the application stores only issuekeys (e.g. ABC-11111); no other data from tickets is stored

  • templates of ticket set are configured and simply entail a configuration of issuetype name plus a set of field names; user may supply default values for fields at their discretion

  • Add-on administrators can purge data any time. The data is also purged when the service unsubscribed.

  • The data is stored in a secure cloud database. JQL preference options are encrypted.

Jurisdiction and Geo Location of Data

  • Applicaiton GCP host Region: us-central

  • Database GCP Region: us-central

People and Access Policies

  • Applicaiton uses Atlassian Connect REST API over users’s session.

  • The user can access only data that he/she are permissioned to see in Jira.

  • All data processing happens within user’s browser client session.

  • Preferences and retro notes data stored in the cloud database can only be accessed by authorised users.

Backups

  • Cloud database with preferences and retro notes is configured for 24 hour backups

Privacy and GDPR compliance

  • Neelix Task Manager does NOT store any person identifiable information. User preferences are saved only by the means of accountId issued by Atlassian (see more GDPR notes here).

  • Created Jira tickets are subject to standard privacy controls configured in your instance of Jira.

  • Data owned associated with your license can be self-deleted at any time

Vulnerability Management

  • See Security Vulnerability Process