Data policy

This page is about Agile Poker for Jira Cloud. Using Data Center? Click here.

Ensuring the security of our clients' data is of utmost importance to us. That's why we collaborate exclusively with trusted service providers who adhere to the highest security standards. On this page, you will find comprehensive information about our robust data security measures.

If you have any concerns or inquiries regarding security, please don't hesitate to reach out to us via the Appfire Support Portal or by emailing support@appfire.com.

Data residency

Agile Poker for Jira Cloud data is stored and processed in the Google Cloud Platform. You can choose to store your data in one of the following regions:

europe-west1 (Belgium)
us-central1 (Iowa, United States)
asia-southeast1 (Singapore)

By default, Agile Poker will store your data in the same region as your Jira instance. If your Jira region changes, you can request to move Agile Poker data to match. For a detailed overview of data residency options, please visit our Data residency documentation.

Key types of data stored based on data residency include:

Project IDs
Issue IDs
Agile Poker session data (e.g., session names, votes, comments)
Email invitations and Slack messages created during session configuration

Service providers

sub-processor – providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR).

Google Cloud

sub-processor Agile Poker for Jira Cloud runs on the Google Cloud environment. In addition to the application itself, Google Cloud stores application access logs, which include user IP, user key, instance URL, and user JWT token. These logs are purged after 30 days.

Stored data

Access log – web addresses accessed by the user browser when communicating with the Agile Poker add-on. It includes the following data:
- request date
- IP address
- timezone
- location
- user key
- URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)
- user authorization token
- browser name and version
- project IDs, issue IDs
- Agile Poker session names
- comments sent during Asynchronous sessions
- email invitations and Slack messages created while configuring a session
Application logs – internal application messages that don't contain any personal data.

On this page: 1 Data residency 2 Service providers 2.1 Google Cloud 2.1.1 Stored data 2.2 Firebase 2.2.1 Stored data 2.2.2 Security 2.3 Bugsnag 2.3.1 Stored data 2.4 Amazon Web Services (AWS) 2.4.1 Stored data 2.5 Google Analytics 2.5.1 What is collected 2.5.2 What is not collected 2.5.3 Disabling Google Analytics

On this page: 1 Data residency 2 Service providers 2.1 Google Cloud 2.1.1 Stored data 2.2 Firebase 2.2.1 Stored data 2.2.2 Security 2.3 Bugsnag 2.3.1 Stored data 2.4 Amazon Web Services (AWS) 2.4.1 Stored data 2.5 Google Analytics 2.5.1 What is collected 2.5.2 What is not collected 2.5.3 Disabling Google Analytics

Firebase

sub-processor Firebase is a real-time shared database. We use it to synchronize session data in real time between users.

Stored data

Jira instance URL
Jira client key (tenant ID)
Shared secrets for communication with Jira
Jira board Id used for the estimation session(s)
Account ids of users (estimation session participants, moderators, observers, users that modified any of session properties)
Ids of Jira issues (active issues, voted issues, issues selected in the filter, reference issues)
Estimation votes and comments of users per issue
Session state (e.g., open/closed flag, timer state)

Security

The Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in the Stored data section for all your poker sessions. Anonymous users and users from different Jira instances do not have access to your data. Additionally, daily backups of the database are stored for 30 days.

We store the minimal amount of data needed to provide our service. We don't store issue summaries, descriptions, comments, or other sensitive information. We don't store users' full names or emails but we use user keys provided by Jira, which may include these details.

Bugsnag

sub-processor Bugsnag is a tool for reporting in-browser errors. It allows us to fix errors before customers report them to us.

Stored data

Jira client key
Board ID
User IP address
User language
User browser information (browser, version, locale, operating system, user agent)

Amazon Web Services (AWS)

sub-processor We use AWS to send email notifications to participants (i.e. when the asynchronous session starts).

Stored data

User display name
User email address
Board id
Board name

We analyze application logs only for the purpose of monitoring application health and doing post-incident analysis. If you’d like us to skip processing logs from your instance, please let us know at Appfire Support Portal or support@appfire.com.

Google Analytics

For a better understanding of our clients, we collect anonymous statistics on plugin usage. These statistics tell us how we should develop our plugin to make our clients happy.

What is collected

The following table provides a comprehensive overview of the analytics data collection policy we employ.

This table is not intended to list all the possible events collected by the add-on. It is, however, intended to list all rules and exceptions from those rules so that you are able to assess whether something can be collected or not.

Data type	Comments

Data type

Comments

User interface and usage

When displaying and interacting with Agile Poker's components and pages, including but not limited to:

Session picker and All session pages
Interactive, Asynchronous, Relative, and Bucket Sizing sessions pages
Sessions' creation and configuration pages
What's new? dialog

Interacting means clicking on the components or changing their state.

Flags and statistics

We collect boolean flags and statistical numbers from the entered data. This pertains to data obtained through add-on components or pages, including configuration and usage pages. For example:

Asynchronous session started
The timer started/stopped
Index of selected estimate value (actual value is excluded)
If and when user interrupted introduction tour

Flags and statistics do not contain any user-created data.

Context

We collect a few general context values from Jira, such as the license type (evaluation/paid).

Context parameters do not contain any user-created data.

What is not collected

In Google Analytics, we only collect minimal and anonymous data in accordance with the rules outlined above. Specifically, we do not gather any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.

Disabling Google Analytics

We highly recommend keeping Google Analytics enabled as it allows us to utilize anonymous usage statistics to enhance Agile Poker for Jira Cloud and better meet the needs of our clients. However, if you still wish to disable Google Analytics, you can find instructions on how to do so on the Global Settings page.