Agile Cards is built with safety and security in mind. Here are a few facts which will help you understand its architecture and that using Agile Cards should no impact on your security whatsoever.
...
If you do not wish to have the usage data collected from your instance, you can disable the analytics. Agile Cards depends on the global Jira setting for analytics collection.
...
What data are read and stored by Agile Cards
Agile Cards stores only the data related to the templates configured for its usage. This data contains all the elements of the Agile Cards configuration:
- names of the templates
- templates' layouts
- page layouts
- colors of printed bars
- user key of the last person that has modified the template,
- user key of a template owner,
- and other template settings configurable through the Agile Cards interface
All the data pertaining to the content of the actual issues are read by JavaScript code launched within your browser window. None of the elements of this data is saved nor processed outside of your browser windows and Jira.
Agile Cards provides feedback form that gathers the following data:
- information about person raising the request:
- full name
- IP address
- license SEN
How is data secured?
Agile Cards for Jira Server
The code of Agile Cards is downloaded from Atlassian Marketplace directly to Jira and is never served from any third party servers. This means that all the fundamental safety mechanisms applied by Atlassian to your Jira code and data are also applied to Agile Cards code and data. All the configuration data of Agile Cards is stored on Jira and never leaves them.
Agile Cards for Jira Cloud
The code of Agile Cards is served from secure Spartez infrastructure as presented on the diagram below.
Gliffy name agile-cards-cloud-infrastructure pagePin 5
In Agile Cards for Jira Cloud we stick to the following security guidelines:
- All external incoming or outgoing connections (or connection that go via public network) are made using secure protocol (for example: https,ssh).
If secure protocol cannot be used the sensitive content must be protected by other means. - Every connection, that is crossing network border(external or internal), is protected by at least one security measure (certificate, token, etc).
- No security measure can be used to cross multiple network borders.
For example, if we protect connections to Cloud internal network using Certificate A, then it cannot be used to protect connections to Spartez internal network
...
Agile Cards synchronization algorithm is written in JavaScript. This means that the photo is processed entirely within the browser, and no part of the photo is sent outside of the device you have used to access the Agile Cards. In particular, no part of the photo is processed on your Jira server and no data about the content of the photo is ever sent over to Spartez server.
...
Third Party Service/ Vendor | Purpose | Entity Country | Website |
|---|---|---|---|
AWS Amazon | Cloud service provider | USA, Ireland | |
| Google Analytics | Web Analytics | USA | https://analytics.google.com |
Mailchimp | Email service provider | USA |