Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
panelIconIdatlassian-info
panelIcon:info:
panelIconText:info:
bgColor#F4F5F7

This page is about Agile Poker for Jira Cloud. Using Data Center? Click here.

Ensuring the security of our clients' data is of utmost importance to us. That's why we collaborate exclusively with trusted service providers who adhere to the highest security standards. On this page, you will find comprehensive information about our robust data security measures.

If you have any concerns or inquiries regarding security, please don't hesitate to reach out to us via the Appfire Support Portal or by emailing support@appfire.com.

Data residency

Agile Poker for Jira Cloud data is stored and processed in the Google Cloud Platform. You can choose to store your data in one of the following regions:

  • europe-west1 (Belgium)

  • us-central1 (Iowa, United States)

  • asia-southeast1 (Singapore)

By default, Agile Poker will store your data in the same region as your Jira instance. If your Jira region changes, you can request to move Agile Poker data to match. For a detailed overview of data residency options, please visit our Data residency documentation.

Key types of data stored based on data residency include:

  • Project IDs

  • Issue IDs

  • Agile Poker session data (e.g., session names, votes, comments)

  • Email invitations and Slack messages created during session configuration

Service providers

Status
colourYellow
titlesub-processor
 – providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR).

Heroku 

Google Cloud 

Status
colourYellow
titlesub-processor
 Agile Poker for Jira Cloud runs on the Heroku Google Cloud environment. In addition to the application itself, Heroku Google Cloud stores application access logs, which include user IP, user key, instance URL, and user JWT token. These logs are purged after 365 30 days. 

🎯 Index

Stored data

  • Access log – web addresses accessed by the user browser when communicating with the Agile Poker add-on. It includes the following data:

    • request date

    • IP address

    • timezone

    • location

    • user key

    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)

    • user authorization token

    • browser name and version

    • project IDs, issue IDs

    • Agile Poker session names

    • comments sent during Asynchronous sessions

    • email invitations and Slack messages created while configuring a session

  • Application logs – internal application messages that don't contain any personal data.

On this page:

Table of Contents

Firebase 

Status
colourYellow
titlesub-processor
 Firebase is a real-time shared database. We use it to synchronize session data in real time between users.

Stored data

  • Jira instance URL

  • Jira client key (tenant ID)

  • Shared secrets for communication with Jira

  • Jira board Id used for the estimation session(s)

  • Account ids of users (estimation session participants, moderators, observers, users that modified any of session properties)

  • Ids of Jira issues (active issues, voted issues, issues selected in the filter, reference issues)

  • Estimation votes and comments of users per issue

  • Session state (e.g., open/closed flag, timer state)

Security

The Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in the Stored data section for all your poker sessions. Anonymous users and users from different Jira instances do not have access to your data. Additionally, daily backups of the database are stored for 30 days.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#F4F5F7

We store the minimal amount of data needed to provide our service. We don't store issue summaries, descriptions, comments, or other sensitive information. We don't store users' full names or e-mails emails but we use user keys provided by Jira, which may include these details.

Bugsnag

Status
colourYellow
titlesub-processor
 Bugsnag is a tool for reporting in-browser errors. It allows us to fix errors before customers report them to us.

Stored data

  • Jira client key

  • Board ID

  • User IP address

  • User language

  • User browser information (browser, version, locale, operating system, user agent)

Amazon Web Services (AWS)

Status
colourYellow
titlesub-processor
 We use AWS to send email notifications to participants (i.e. when the asynchronous session starts).

Stored data

  • User display name

  • User email address

  • Board id

  • Board name

Papertrail

Status
colourYellow
titlesub-processor
 We use the Heroku add-on Papertrail to store application logs, which are stored in the system for 14 days. Log archives are stored from the last 365 days. Papertrail allows us to analyze the application's behavior after an incident occurs. 

Stored data

  • Access log – web addresses accessed by the user browser when communicating with the Agile Poker add-on. It includes the following data:

    • request date

    • IP address

    • issue id

    • timezone

    • location

    • user key

    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)

    • user authorization token

    • browser name and version

  • Application logs – internal application messages that don't contain any personal data.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#F4F5F7

We analyze application logs only for the purpose of monitoring application health and doing post-incident analysis. If you’d like us to skip processing logs from your instance, please let us know at Appfire Support Portal or support@appfire.com.

Google Analytics

For a better understanding of our clients, we collect anonymous statistics on plugin usage. These statistics tell us how we should develop our plugin to make our clients happy. 

What is collected

The following table provides a comprehensive overview of the analytics data collection policy we employ.

This table is not intended to list all the possible events collected by the add-on. It is, however, intended to list all rules and exceptions from those rules so that you are able to assess whether something can be collected or not. 

Data type

Comments

User interface and usage

When displaying and interacting with Agile Poker's components and pages, including but not limited to:

  • Session picker and All session pages

  • Interactive, Asynchronous, Relative, and Bucket Sizing sessions pages

  • Sessions' creation and configuration pages

  • What's new? dialog

Interacting means clicking on the components or changing their state.

Flags and statistics

We collect boolean flags and statistical numbers from the entered data. This pertains to data obtained through add-on components or pages, including configuration and usage pages. For example:

  • Asynchronous session started

  • The timer started/stopped

  • Index of selected estimate value (actual value is excluded)

  • If and when user interrupted introduction tour

Flags and statistics do not contain any user-created data.

Context

We collect a few general context values from Jira, such as the license type (evaluation/paid).

Context parameters do not contain any user-created data.

What is not collected

In Google Analytics, we only collect minimal and anonymous data in accordance with the rules outlined above. Specifically, we do not gather any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.

Disabling Google Analytics

We highly recommend keeping Google Analytics enabled as it allows us to utilize anonymous usage statistics to enhance Agile Poker for Jira Cloud and better meet the needs of our clients. However, if you still wish to disable Google Analytics, you can find instructions on how to do so on the Global Settings page.