DATA SECURITY AND PRIVACY
Transparency and confidence
INFORMATION ON DATA SECURITY AND PRIVACY
What is accessed
Applicaiton uses Atlassian Connect REST API over users’s session. The user can access only data that he/she are permissioned to see in Jira itself.
All processing (for instance presentation in the grid, analysis of issue links, etc) is done within the client browser session; There is NO logic at all on the server side; Server only has database controllers for retrieving stored preferences
What data is stored
The following data is stored:
Add-on configuration options
Audit records of processed batch transactions
Personal preferences are maintained only by storing a non-identifiable account ID. Any personal information (names, emails, etc.) are NOT stored.
Jql query strings (this is stored for user convenience and used to build a grid of data for various functional purposes, such as a timeline Gantt) ; all jql strings are hashed with a salt in the database
In the case of a timeline Gantt, the application stores only issuekeys (e.g. ABC-11111); no other data from tickets is stored
templates of ticket set are configured and simply entail a configuration of issuetype name plus a set of field names; user may supply default values for fields at their discretion
Add-on administrators can purge data any time. The data is also purged when the service unsubscribed.
The data is stored in a secure cloud database. JQL preference options are encrypted.
Jurisdiction and Geo Location of Data
Applicaiton GCP host Region: us-central
Database GCP Region: us-central
People and Access Policies
Applicaiton uses Atlassian Connect REST API over users’s session.
The user can access only data that he/she are permissioned to see in Jira.
All data processing happens within user’s browser client session.
Preferences and retro notes data stored in the cloud database can only be accessed by authorised users.
Cloud database with preferences and retro notes is configured for 24 hour backups
Privacy and GDPR compliance
Neelix Task Manager does NOT store any person identifiable information. User preferences are saved only by the means of accountId issued by Atlassian (see more GDPR notes here).
Created Jira tickets are subject to standard privacy controls configured in your instance of Jira.
Data owned associated with your license can be self-deleted at any time
See Security Vulnerability Process