Data policy
This page is about Agile Poker for Jira Cloud. Using Data Center? Click here.
Ensuring the security of our clients' data is of utmost importance to us. That's why we collaborate exclusively with trusted service providers who adhere to the highest security standards. On this page, you will find comprehensive information about our robust data security measures.
If you have any concerns or inquiries regarding security, please don't hesitate to reach out to us via the Appfire Support Portal or by emailing support@appfire.com.
Data residency
Agile Poker for Jira Cloud data is stored and processed in the Google Cloud Platform. You can choose to store your data in one of the following regions:
europe-west1 (Belgium)
us-central1 (Iowa, United States)
asia-southeast1 (Singapore)
By default, Agile Poker will store your data in the same region as your Jira instance. If your Jira region changes, you can request to move Agile Poker data to match. For a detailed overview of data residency options, please visit our Data residency documentation.
Key types of data stored based on data residency include:
Project IDs
Issue IDs
Agile Poker session data (e.g., session names, votes, comments)
Email invitations and Slack messages created during session configuration
Service providers
sub-processor – providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR).
Google Cloud
sub-processor Agile Poker for Jira Cloud runs on the Google Cloud environment. In addition to the application itself, Google Cloud stores application access logs, which include user IP, user key, instance URL, and user JWT token. These logs are purged after 30 days.
Stored data
Access log – web addresses accessed by the user browser when communicating with the Agile Poker add-on. It includes the following data:
request date
IP address
timezone
location
user key
URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)
user authorization token
browser name and version
project IDs, issue IDs
Agile Poker session names
comments sent during Asynchronous sessions
email invitations and Slack messages created while configuring a session
Application logs – internal application messages that don't contain any personal data.
On this page:
|
---|
Firebase
sub-processor Firebase is a real-time shared database. We use it to synchronize session data in real time between users.
Stored data
Jira instance URL
Jira client key (tenant ID)
Shared secrets for communication with Jira
Jira board Id used for the estimation session(s)
Account ids of users (estimation session participants, moderators, observers, users that modified any of session properties)
Ids of Jira issues (active issues, voted issues, issues selected in the filter, reference issues)
Estimation votes and comments of users per issue
Session state (e.g., open/closed flag, timer state)
Security
The Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in the Stored data section for all your poker sessions. Anonymous users and users from different Jira instances do not have access to your data. Additionally, daily backups of the database are stored for 30 days.
We store the minimal amount of data needed to provide our service. We don't store issue summaries, descriptions, comments, or other sensitive information. We don't store users' full names or emails but we use user keys provided by Jira, which may include these details.
Bugsnag
sub-processor Bugsnag is a tool for reporting in-browser errors. It allows us to fix errors before customers report them to us.
Stored data
Jira client key
Board ID
User IP address
User language
User browser information (browser, version, locale, operating system, user agent)
Amazon Web Services (AWS)
sub-processor We use AWS to send email notifications to participants (i.e. when the asynchronous session starts).
Stored data
User display name
User email address
Board id
Board name
We analyze application logs only for the purpose of monitoring application health and doing post-incident analysis. If you’d like us to skip processing logs from your instance, please let us know at Appfire Support Portal or support@appfire.com.
Google Analytics
For a better understanding of our clients, we collect anonymous statistics on plugin usage. These statistics tell us how we should develop our plugin to make our clients happy.
What is collected
The following table provides a comprehensive overview of the analytics data collection policy we employ.
This table is not intended to list all the possible events collected by the add-on. It is, however, intended to list all rules and exceptions from those rules so that you are able to assess whether something can be collected or not.
Data type | Comments |
---|---|
User interface and usage | When displaying and interacting with Agile Poker's components and pages, including but not limited to:
Interacting means clicking on the components or changing their state. |
Flags and statistics | We collect boolean flags and statistical numbers from the entered data. This pertains to data obtained through add-on components or pages, including configuration and usage pages. For example:
Flags and statistics do not contain any user-created data. |
Context | We collect a few general context values from Jira, such as the license type (evaluation/paid). Context parameters do not contain any user-created data. |
What is not collected
In Google Analytics, we only collect minimal and anonymous data in accordance with the rules outlined above. Specifically, we do not gather any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.
Disabling Google Analytics
We highly recommend keeping Google Analytics enabled as it allows us to utilize anonymous usage statistics to enhance Agile Poker for Jira Cloud and better meet the needs of our clients. However, if you still wish to disable Google Analytics, you can find instructions on how to do so on the Global Settings page.