Privacy & Security

Logging

Why does it say End-User Data accessed in logs in the Privacy & Security tab on marketplace?

The only End-User data use to log is Atlassian Account

End-User Data processed and/or stored in logs outside of Atlassian products and services

End-User Data in logs shared with third-party entities

End-User Data in logs shared with third party entities integral for app functionality

We use Atlassian’s Forge platform to host and run our app on Atlassian’s AWS infrastructure. We do not export any data out from the logs to any other third-party entities or services.

Storage

Data residency

As we are running everything on Atlassian’s infrastructure, we support the data-residency options that Atlassian has on their products. If you have any of Atlassian’s premium offerings you can pin our apps to your preferred Atlassian supported region

Data-retention

These are currently controlled by Atlassian as we are using their Forge SQL and Forge Key-value Storage (KVS).

• The policy here is that all of our data is stored for 28 days after uninstallation in Atlassian’s servers. After this it will be permanently removed.

When the app is uninstalled

• The policy here is that all of our data is stored for 28 days after uninstallation in Atlassian’s servers. After this it will be permanently removed.

• If you uninstall our app, Atlassian will soft delete the app data. If you need it back, contact us within 21 days.

We store the following data

• API Keys and credentials [encrypted]

• User data

  • Name - used for displaying in user table

  • Email - used for display in user table and for creating email based cleanup rules

  • Last product activity for each product

  • Added to org date

  • AccountId

  • Group memberships

• Groups

  • Name - for displaying in different parts of the app

  • groupId

  • Group roles - for finding what users have access to what product

  • [Optional] Group source - used for enabling IDP integration features

• App configuration - everything found in our settings page

• Scheduled cleanup configurations

• Cleanup logs

  • List of all users matching a cleanup rule, the affected users, and failed users.

• Dashboard reports

  • Aggregated reports shown on the dashboard

• Organization specific data

  • Is using new or old user management experience

  • managed domains - Used for finding out what users are managed or not based on email

  • What products the organization has enabled

• Batch job data