Data policy (v2)

We take data security very seriously, so we use only trusted service providers with the highest security standards. On this page, you will find details on what data we store, where we store it, and how we secure it. If you think something is missing or you have any security-related questions, please let us know at Appfire Support Portal or support@appfire.com.

Service Providers

SUB-PROCESSOR – The providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR).

Google Cloud Platform

SUB-PROCESSOR Canned Responses app runs on Google Cloud Platform (GCP) and serves traffic from two regions:

  1. us-east1 (South Carolina, the U.S.)

  2. europe-west3 (Frankfurt, Germany)

The region is chosen automatically for each user based on their location (the nearest server will handle the request). Except for logs (see below), we do not store any other data in those GCP regions directly.

Logging

Besides the application itself, GCP stores server logs that contain the following information:

  • Access logs – web addresses accessed by the user's browser when communicating with Canned Responses app. It may include any of the following data:

    • Browser name and version

    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)

    • Request date

    • IP address

    • Timezone

    • Location

    • Jira issue ID

    • Jira Project ID

    • Jira user account ID

  • Application logs – internal application messages that don't contain any personal data.

These logs are purged after 30 days.

MongoDB Atlas

SUB-PROCESSOR We use MongoDB Atlas to store the Canned Responses templates and other app data (e.g., configuration, usage statistics). MongoDB cluster is provisioned on top of GCP as well, and physical servers are spread across several locations in the U.S.

Customer data is isolated at MongoDB's collection level. So only the authorized users from a particular Jira Cloud instance can access the templates and other information for that instance.
Data is encrypted in transit/transport (TLS) and at rest – see MongoDB Data Encryption for details.

The database is backed up daily and weekly, and up to eight previous backups are stored.

Stored Data

  • Shared secrets for communication with Jira

  • Key that identifies Jira instance

  • App license information

  • Template name and content

  • Template creator's account ID

  • Templates scopes including project ids and user account ID

  • Template creation and update time

  • Template action configuration

  • Template usage statistics

  • Scheduled comments

We store the minimal amount of data needed to provide our service.

We don't store issue summaries, descriptions, comments, or other sensitive information. We don't store full usernames or emails, but we use user account IDs and project IDs provided by Jira instead.

Bugsnag

SUB-PROCESSOR Bugsnag is a tool for reporting front-end (browser-level) errors. It allows us to react to problems even before customers report them to us.

Stored data

  • Jira tenant key

  • Jira issue ID

  • User IP address

  • User language

  • User browser information (browser, version, locale, operating system, user agent)

Google BigQuery and Amplitude

To better understand the interactions of our customers with the app, we collect anonymous statistics on the app usage. These statistics help us define the future direction of app development.

What is collected

The following table is intended to give you a complete understanding of the policy that we use to collect analytics data.

This table is not intended to list all the possible events collected by the app. Instead, it is intended to list all rules and exceptions from those rules so that you are able to assess whether something may be collected or not. 

What is not collected

We do not collect any personal data. In particular, we do not collect any information about Jira users, issues, values of comments, or any identifiable information about the Jira instance itself.

Data Type

Comments

Data Type

Comments

Context

We collect a few general context values from Jira.

  • License type (evaluation/paid)

  • Type of the issue being commented (Jira Service Management issue or other)

  • Is browser extension used or not

Context parameters do not contain any user-generated data.

Flags and statistics

We collect boolean flags and statistical numbers from the entered data. This applies to data gathered via app components or pages (including configuration and usage pages). For example:

  • App page or panel was opened

  • Comment box was expanded

  • Template was inserted

  • Comment was posted

  • Template filters were used

Flags and statistics do not contain any user-generated data.

User interface and usage

Displaying and interacting with all components and pages added by Canned Responses including:

  • Canned Responses comment box

  • Manage templates dialog

  • Add/edit template dialog

  • Settings pages

  • Statistics page

Interacting means clicking on the components or changing their state.

Please note that there are more sub-processors listed on this page and those that apply to all products should be taken into consideration for the Canned Responses app as well.