Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on what data we store, where we store it and how we secure it. If you think something is missing or you have any security related questions please let us know at Spartez Support Portal or support@spartez.com.

Service Providers

Table of Contents
maxLevel2
minLevel2

Status
colourYellow
titlesub-processor
 - providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR)

Heroku

Status
colourYellow
titlesub-processor
 Canned Responses application runs on Heroku environment. Besides the application itself, Heroku stores application access logs that contain user IP, user key, instance URL and user JWT token. These logs are purged after 7 days.

Heroku Postgres

Heroku Postgres stores data provided during the installation handshake. Stored keys authenticate us to clients' instances.

The database is secured using a security mechanism provided by Heroku. See https://www.heroku.com/policy/security#postgres for details.

Stored Data

  • A key that identifies Jira instance.
  • Shared secrets for communication with Jira.

mLab MongoDB

Status
colourYellow
titlesub-processor
 We use Heroku addon mLab MongoDB to store the templates. Each Jira instance uses a separate collection. Only users from particular Jira instance can access the templates from that instance.

The database is backed up every week and 8 last backups are stored.

Stored Data

  • template name and content
  • template creator's user key
  • templates scopes including project ids and user keys
  • template creation and update time
  • client's license SEN

...

Info
titleWe store the minimal amount of data needed to provide our service.

We don't store issue summaries, descriptions, comments nor other sensitive information. We don't store full usernames nor e-mails but we use user keys and project keys provided by Jira instead.

Papertrail

Status
colourYellow
titlesub-processor
 We use Heroku addon Papertrail to store application logs. Logs are in the system for 7 days. Log archives are stored from the last 365 days. Papertrail allows us to detect suspicious patterns in the logs and notify us whenever they are detected which improves our reaction time. It also allows us to analyze application's behavior after an incident occurs. 

Stored Data

  • Access log - web addresses accessed by user browser when communicating with Canned Responses add-on. It includes following data:
    • request date
    • IP address
    • issue id
    • timezone
    • location
    • user key and user id
    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)
    • user authorization token
    • browser name and version
  • Application logs - internal application messages that don't contain any personal data.

...

Info
titleWe analyse application logs only to monitor application health and to do post-incident analysis

If you would like us to skip processing logs from your instance, please let us know at support@spartez.com.


Google Analytics

For the better understanding of our clients, we collect anonymous statistics of the add-on usage. These statistics tell us how we should develop our plugin to make our customers happy. 

What is collected

The following table is intended to give you a complete understanding of the policy that we use to collect analytics data.

...