/
Data privacy and security

Data privacy and security

Data privacy

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.

What information we collect

What kind of data are stored by the plugin

  • Installation data sent by Jira during the installation process

  • Issue keys when user is creating or opening the plugin dialog window

  • Atlassian user ids of users who join to the room

  • Configured Jira issue field id for saving estimated points

  • We may collect some data when an error occurs in the application, such as
    - The place in the code where an error has been thrown ( stacktrace)
    - Error message or error code if an error occurred during sending the request

What kind of data are read from the Jira instance

The plugin reads some additional data by the javascript and exists only in the user’s browser:

  • The list of fields in the issue - read by the browser during the configuration process, only id of chosen field is saved on the server

  • Full name of the users joined to the room - read only by the browser in order to display the list of the team members. Full name exists only in the browser and never is saved on the server. Backend part of the plugin holds only id of the users who joined to the room

When the Room owner press “Remove room” button, data such as : team member (Atlassian account id, issue field id, issue key and whole room configuration are deleted.

Any requests regarding the data collected in the Product please to support@liquitim.com

How we use the information we collect

  • We use collected information to serve the Product to you and are necessary.

  • We are using the error related data to improve the Product and quickly fixing the bugs discovered in the application

Data residency

Agile Toolbox for Jira has instances in two zones:

  • US

  • EU

During the installation of the plugin Jira is automatically choosing the data residency based on the user’s request or Jira instance location.

Security

We use industry standard technical and organizational measures to secure the information we store by choosing Google Cloud as our infrastructure provider. This cloud provider gives us “out of the box”

  • secure-by-design infrastructure

  • encryption data at rest and encryption data at transit by default

  • well defined privacy policy

  • advanced access management

 

How we keep the Product safe

Environments

Development, test and production environment are isolated. None of the code or data is able to use other’s environment resources or have access to the data on different environment.

Limiting access

All accounts to the infrastructure or source code all secured by the 2-factor authentication with password policy retention. Permission granted to the account are periodically reviewed to make sure that they have access only to the infrastructure, code or data required to work

Source code security

  • All code changes ( pull requests) have to be reviewed and accepted

  • Deployment procedure are automated ( devops pipelines), thanks to that access to the production environments are limited and the risk of a “human error” causing Product unavailability is avoided

  • Security scanners are included in the devops pipelines ( build process) to make sure that security bugs will be quickly discovered and removed