Agile Cards is built with safety and security in mind. Here are a few facts which will help you understand its architecture and that using Agile Cards should no impact on your security whatsoever.
No impact on data and configuration
Agile Cards make no changes to the data and to the underlying configuration of your JIRA server. Agile Cards connect to the officially exposed APIs and plugin points available within JIRA, but operate in read-only mode.
Analytics
Agile Cards come with in-built analytics. The data collected by Agile Cards is anonymous and pertains We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security related questions please let us know at Appfire Support Portal or support@appfire.com.
Analytics
Agile Cards come with inbuilt analytics. The data collected by Agile Cards pertains only to the statistical usage of the add-on. It helps the team at Spartez optimise the product team optimize the solution and implement even better future versions.
If you do not wish to have the anonymous usage data collected from your instance, you can disable the analytics. Agile Cards depends on the global JIRA Jira setting for analytics collection.
...
What data are read and stored by Agile Cards
Agile Cards stores only the data related to the templates configured for its usage. This data contains all the elements of the Agile Cards configuration:
...
Issue data
All the data pertaining to the content of the actual issues are read by JavaScript code launched within your browser window. None of the elements of this data is saved nor processed outside of your browser windows and JIRA. That means that the team at Spartez has no physical means of seeing and accessing your data (even if you asked us to do so during the support call). This pertains to both the backlog, boards, search queries, issues as well as all the attachments stored in JIRA.
Where is the data stored?
If you are using JIRA Server (on-premises) all the configuration data of Agile Cards is stored on JIRA and never leaves them.
If you are using JIRA Cloud (on-demand) then the configuration of Agile Cards is stored securely on Spartez server and is provided to the add-on per request.Jira.
Template settings
Agile Cards stores only data related to templates configuration:
- names of templates
- user key of the last person that has modified a template,
- user key of a template owner,
- template settings configurable through the Agile Cards interface
Feedback form
Agile Cards provides feedback form that gathers the following data:
- feedback content
- information about person raising the request:
- full name
- information about license
- license SEN
- plugin version
- license type (paid/evaluation)
- hosting (server/cloud)
Provided feedback is handled using Appfire Support portal.
How is data secured?
Agile Cards for Jira Server
The code of Agile Cards is downloaded from Atlassian Marketplace directly to JIRA Jira and is never served from any third party servers. This means that all the fundamental safety mechanisms applied by Atlassian to your JIRA Jira code and data are also applied to Agile Cards code and data. All the configuration data of Agile Cards is stored on Jira and never leaves it.
Agile Cards for Jira Cloud
Agile Cards Cloud server is hosted on Google Cloud. All the configuration data .
How does the scanner process the photo?
Agile Cards scanner is also stored in Google Cloud in europe-west3 location. We stick to the following security guidelines while working with Cloud infrastructure:
- All external incoming or outgoing connections (or connection that go via public network) are made using secure protocol (for example: https, ssh).
If secure protocol cannot be used the sensitive content must be protected by other means. - Every connection, that is crossing network border(external or internal), is protected by at least one security measure (certificate, token, etc).
- No security measure can be used to cross multiple network borders.
For example, if we protect connections to Cloud external network using Certificate A, then it cannot be used to protect connections to Cloud internal network.
How does Agile Cards synchronization work?
Agile Cards synchronization algorithm is written in JavaScript. This means that the photo is processed entirely within the browser, and no part of the photo is sent outside of the device you have used to access the Agile Cards. In particular no In particular, no part of the photo is processed on your JIRA Jira server and no data about the content of the photo is ever sent over to Spartez serverto our servers.
Legal
...
Services providers
We may use the following Subprocessors in the Processing of Client Personal Data related to Agile Cards for Jira.
Personal data subprocessors in Agile Cards for JIRA Cloud
- Google Cloud - application hosting, data storage and infrastructure for feedback form
Other services used in Agile Cards for JIRA Server and Cloud
- Google Analytics - analytics service