Data Security & Privacy Statement

Owned by Daniel Wester (Unlicensed)
Last updated: Dec 20, 2019 by Daniel Wester

Overview

This document is in addition to the 55 Degrees Privacy document, the 55 Degrees EULA and the DPA(available upon request) provided by 55 Degrees and explains how Missions overview for Jira stores the data it captures. This document will be updated as new features is added to Missions overview for Jira.

Data storage terms and data storage location

  • Missions overview for Jira stores data in the customer's Jira instance (for example yourinstance.atlassian.net) using Content Properties (in order to render the Issue Glances).
  • In addition to this, 55 Degrees maintains a database, in utilizing either of our vendors(this is currently DigitalOcean (Frankfurt/Amsterdam DataCenters) and/or Amazon AWS (Nordic region), that contains items such as:
    • Basic information about the instances.
    • The mission configuration 
    • The mission status updates
    • Global permission configuration.
    • Content-neutral IDs for content (such as Issue and Project IDs)
    • For the purposes of this document, assume that all content in some form is stored in the 55 Degrees database.
  • We do not store any user data (personal information or any similar data) in either the Jira instance or in the 55 Degrees database.
  • We may cache any Jira (or similar content) in a local cache for performance reasons. This content is not persisted and erased from memory upon application restart.
  • Please read the documentation of the product for further details.

Backups

This section explains our backup and recovery policy for customer data.

  • The 55 Degrees database is backed up using Amazon AWS and DigitalOcean technologies.
  • Backups are done once a day and are purely for disaster recovery purposes.
  • Backups are removed after 7 days (DigitalOcean) or 30 days (Amazon AWS).

Logs

55 Degrees utilizes various logging mechanism and services and will store the data in the same regional vicinity as the service itself (ie. if your tenant is hosted in a data center within EU - the logs for your tenant will remain within EU). We don't log any personal identified information. Any logging performed is done for the purpose of troubleshooting and service maintenance. Our current logging service provider is a combination of Amazon AWS technologies, DigitalOcean services as well as DataDog. 

Account removal and data retention

This section explains how a customer can close an account and completely remove their data from our service. 

  • A customer can uninstall the Missions overview for Jira app from their Jira instance. At this point, the instance data stored in the 55 Degrees database is marked for deletion. After 30 days of non-connectivity to an instance - the data stored in the 55 Degrees database is marked for deletion. A manual (currently) process is then executed to verify that the account does not have an active license. After 30 days any non-active licensed data in the 55 Degrees database is then deleted. If a customer wants to delete the data ahead of this - please contact support@55degrees.se .
  • Customer account information is retained by 55 Degrees for 7 days after this period account information is unrecoverable deleted.

  • Please read the documentation of the product for further details.

Data portability

This section explains if and how a customer can extract their data from your service.

  • Any data that is stored on the Jira instance can be retrieved using Atlassian provided rest API calls to request the content properties on the associated issues. The content properties are namespaced using "lagom-".
  • At this moment in time, the 55 Degrees data is not extractable from the Missions Overview for Jira database.
  • Please read the documentation of the product for further details.

Application and infrastructure security

This section explains what security measures we've taken in our application and infrastructure.

  • The 55 Degrees support team accesses app data only for purposes of application health monitoring, performing system updates, application maintenance, and/or upon customer request for support purposes.
  • Only authorized 55 Degrees employees responsible for those activities have access to customer data.
  • Customers are responsible for maintaining the security of their own Confluence and JIRA Cloud login information.
  • Communication between the Cloud products and the 55 Degrees servers are done using web requests. All web requests are digitally signed, authenticated and authorized.
  • 55 Degrees' servers are only accessible through secure protocols (e.g. https and/or ssh).
  • Please read the documentation of the product for further details.

Security disclosure

This section explains how and under what circumstances we notify our customers about security breaches or vulnerabilities and indicate how a user or security researcher should disclose a vulnerability found in our add-on to us.

  • Security breaches or vulnerabilities with the proposed solution of the problem are published on our website.
  • Customers can report security breaches or vulnerabilities using support@55degrees.se e-mail address.
  • Please read the documentation of the product for further details.

Privacy

Data collected during the use of our add-on will not be shared with third parties except if required by law.