Data policy

Owned by spg bot
Last updated: Aug 08, 2024 by Derya Özdemir
3 min read

This page is about Agile Poker for Jira Cloud. Using Data Center? Click here.

Ensuring the security of our clients' data is of utmost importance to us. That's why we collaborate exclusively with trusted service providers who adhere to the highest security standards. On this page, you will find comprehensive information about our robust data security measures.

If you have any concerns or inquiries regarding security, please don't hesitate to reach out to us via the Appfire Support Portal or by emailing support@appfire.com.

Service providers

sub-processor – providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR).

Google Cloud 

sub-processor Agile Poker for Jira Cloud runs on the Google Cloud environment. In addition to the application itself, Google Cloud stores application access logs, which include user IP, user key, instance URL, and user JWT token. These logs are purged after 30 days. 

Stored data

  • Access log – web addresses accessed by the user browser when communicating with the Agile Poker add-on. It includes the following data:

    • request date

    • IP address

    • issue id

    • timezone

    • location

    • user key

    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)

    • user authorization token

    • browser name and version

  • Application logs – internal application messages that don't contain any personal data.

Firebase 

sub-processor Firebase is a real-time shared database. We use it to synchronize session data in real time between users.

Stored data

  • Jira instance URL

  • Jira client key (tenant ID)

  • Shared secrets for communication with Jira

  • Jira board Id used for the estimation session(s)

  • Account ids of users (estimation session participants, moderators, observers, users that modified any of session properties)

  • Ids of Jira issues (active issues, voted issues, issues selected in the filter, reference issues)

  • Estimation votes and comments of users per issue

  • Session state (e.g., open/closed flag, timer state)

Security

The Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in the Stored data section for all your poker sessions. Anonymous users and users from different Jira instances do not have access to your data. Additionally, daily backups of the database are stored for 30 days.

We store the minimal amount of data needed to provide our service. We don't store issue summaries, descriptions, comments, or other sensitive information. We don't store users' full names or e-mails but we use user keys provided by Jira, which may include these details.

Bugsnag

sub-processor Bugsnag is a tool for reporting in-browser errors. It allows us to fix errors before customers report them to us.

Stored data

  • Jira client key

  • Board ID

  • User IP address

  • User language

  • User browser information (browser, version, locale, operating system, user agent)

Amazon Web Services (AWS)

sub-processor We use AWS to send email notifications to participants (i.e. when the asynchronous session starts).

Stored data

  • User display name

  • User email address

  • Board id

  • Board name

We analyze application logs only for the purpose of monitoring application health and doing post-incident analysis. If you’d like us to skip processing logs from your instance, please let us know at Appfire Support Portal or support@appfire.com.

Google Analytics

For a better understanding of our clients, we collect anonymous statistics on plugin usage. These statistics tell us how we should develop our plugin to make our clients happy. 

What is collected

The following table provides a comprehensive overview of the analytics data collection policy we employ.

This table is not intended to list all the possible events collected by the add-on. It is, however, intended to list all rules and exceptions from those rules so that you are able to assess whether something can be collected or not. 

Data type

Comments

Data type

Comments

User interface and usage

When displaying and interacting with Agile Poker's components and pages, including but not limited to:

  • Session picker and All session pages

  • Interactive, Asynchronous, Relative, and Bucket Sizing sessions pages

  • Sessions' creation and configuration pages

  • What's new? dialog

Interacting means clicking on the components or changing their state.

Flags and statistics

We collect boolean flags and statistical numbers from the entered data. This pertains to data obtained through add-on components or pages, including configuration and usage pages. For example:

  • Asynchronous session started

  • The timer started/stopped

  • Index of selected estimate value (actual value is excluded)

  • If and when user interrupted introduction tour

Flags and statistics do not contain any user-created data.

Context

We collect a few general context values from Jira, such as the license type (evaluation/paid).

Context parameters do not contain any user-created data.

What is not collected

In Google Analytics, we only collect minimal and anonymous data in accordance with the rules outlined above. Specifically, we do not gather any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.

Disabling Google Analytics

We highly recommend keeping Google Analytics enabled as it allows us to utilize anonymous usage statistics to enhance Agile Poker for Jira Cloud and better meet the needs of our clients. However, if you still wish to disable Google Analytics, you can find instructions on how to do so on the Global Settings page.