Versions Compared

Old Version 55

changes.mady.by.user Roman Lutsiv [Appfire]

Saved on

compared with

New Version 56

changes.mady.by.user Roman Lutsiv [Appfire]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt
Info

...

Agile Poker Cloud

This part of the documentation relates to Agile Poker - estimation tool for Jira Cloud. If

...

you use Jira Server go to the Agile Poker - estimation tool for Jira Server documentation.

We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security related questions please let us know at Appfire Support Portal or support@appfire.com.

Services providers

Table of Contents
maxLevel2
minLevel2

Status
colourYellow
titlesub-processor
 - providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR)

...

Status
colourYellow
titlesub-processor
 Firebase is a real-time shared database. We use it to synchronize session data in real time between users.

Stored data

  • Jira instance URL

  • Jira client key (tenant Id)

  • Shared secrets for communication with Jira

  • Jira board Id used for the estimation session(s)

  • Account ids of users (estimation session participant, moderators, observers, users that modified any of session properties)

  • Ids of Jira issues (active issue, voted issues, issues selected in the filter, reference issues)

  • Estimation votes and comments of users per issue

  • Session state (e.g. open/closed flag, timer state)

Security

Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in section Stored data for all your poker sessions. Anonymous users and users from different Jira instances do not have access to your data. We also store 30 daily backups of this database.

Info

...

We store the minimal amount of data needed to provide our service.

We don't store issue summaries, descriptions, comments nor other sensitive information. We don't store users' full names nor e-mails but we use user keys provided by Jira which can contain them.

Bugsnag

Status
colourYellow
titlesub-processor
 Bugsnag is a tool for reporting of in-browser errors. It allows us to fix errors before people report them to us.

Stored data

  • Jira client key

  • Board id

  • User IP address

  • User language

  • User browser information (browser, version, locale, operating system, user agent)

Amazon Web Services

Status
colourYellow
titlesub-processor
 We use AWS to send email notifications to participants (i.e. about asynchronous session start)

Stored data

  • User display name

  • User email address

  • Board id

  • Board name

Papertrail

Status
colourYellow
titlesub-processor
 We use Heroku addon Papertrail to store application logs. Logs are in the system for 14 days. Log archives are stored from the last 365 days. Papertrail allows us to analyze application's behavior after an incident occurs. 

Stored Data

  • Access log - web addresses accessed by user browser when communicating with Agile Poker add-on. It includes the following data:

    • request date

    • IP address

    • issue id

    • timezone

    • location

    • user key

    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)

    • user authorization token

    • browser name and version

  • Application logs - internal application messages that don't contain any personal data.

Info
title

We analyse application logs only to monitor application health and to do post-incident analysis

If you would like us to skip processing logs from your instance, please let us know at support@appfire.com

...

This table is not intended to list all the possible events collected by the add-on. It is however intended to list all rules and exceptions from those rules so that you are able to assess whether something can be collected or not. 

Data type

Comments

User interface and usage

Displaying and interacting with all components and pages added by Agile Poker including:

  • Session picker and All session pages

  • Agile Poker Interactive, Asynchronous, Relative, and Bucket Sizing sessions pages

  • Sessions' creation and configuration pages

  • "What's new?" dialog

Interacting means clicking on the components or changing their state.

Flags and statistics

We collect boolean flags and statistic numbers from entered data. This applies to data gathered via add-on components or pages (including configuration and usage pages). For example:

  • Async session started

  • The timer started/stopped

  • index of selected estimate value (actual value is excluded)

  • If and when user interrupted introduction tour

Flags and statistics do not contain any user-created data.

Context

We collect a few general context values from Jira.

  • license type (evaluation/paid)

Context parameters do not contain any user-created data.

title
Info

What is not collected

In Google Analytics we do not collect any data but the minimal and anonymous data based on the rules described above. In particular, we do not collect any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.

...