Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

Contents        



Canned Responses Cloud

This part of the documentation relates to Canned Responses for Jira Cloud. If you are using Jira Server go to the Canned Responses for Jira Server documentation.


We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients' data. If you think something is missing or you have any security related questions please let us know at Spartez Support Portal or support@spartez.com.

Service Providers

Heroku

Canned Responses application is hosted on Heroku so user data is protected as described on the Heroku Security page.

Heroku Postgres

Heroku Postgres stores data provided during the installation handshake. The database is secured using a security mechanism provided by Heroku.

See https://www.heroku.com/policy/security#postgres for details.

Stored Data

  • Jira URL
  • Encryption keys for communication with Jira.

mLab MongoDB

We use Heroku addon mLab MongoDB to store the templates. Each Jira instance uses a separate collection. Only users from particular Jira instance can access the templates from that instance.

The database is backed up every week and 8 last backups are stored.

Stored Data

  • template name and content
  • template creator's user key
  • templates scopes including project ids and user keys
  • template creation and update time
  • client's license SEN


We store the minimal amount of data needed to provide our service.

We don't store issue summaries, descriptions, comments nor other sensitive information. We don't store full usernames nor e-mails but we use user keys and project keys provided by Jira instead.

Papertrail

We use Heroku addon Papertrail to store application logs from last 365 days. Papertrail allows us to detect suspicious patterns in the logs and notify us whenever they are detected which improves our reaction time. It also allows us to analyze application's behavior after an incident occurs. 

Stored Data

  • Access log - web addresses accessed by user browser when communicating with Canned Responses add-on. It includes following data:
    • request date
    • IP address
    • issue id
    • timezone
    • location
    • user key and user id
    • URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)
    • browser name and version
  • Application logs - internal application messages that don't contain any personal data.


We analyse application logs only to monitor application health and to do post-incident analysis

If you would like us to skip processing logs from your instance, please let us know at support@spartez.com.


Google Analytics

For the better understanding of our clients, we collect anonymous statistics of the add-on usage. These statistics tell us how we should develop our plugin to make our clients happy. 

What is collected

The following table is intended to give you a complete understanding of the policy that we use to collect analytics data.

This table is not intended to list all the possible events collected by the add-on. It is however intended to list all rules and exceptions from those rules so that you are able to asses whether something may be collected or not. 

Data type

Comments

User interface and usage

Displaying and interacting with all components and pages added by Canned Responses including:

  • Canned Responses comment box
  • manage templates dialog
  • add/edit template dialog
  • settings pages

Interacting means clicking on the components or changing their state.

Flags and statistics

We collect boolean flags and statistic numbers from entered data. This applies to data gather via add-on components or pages (including configuration and usage pages). For example:

  • Comment Box was expanded
  • Template was inserted
  • Comment was posted
  • Template filters are used
  • Add-on page or panel was opened

Flags and statistics do not contain any user-created data.

Context

We collect a few general context values from Jira.

  • license type (evaluation/paid)
  • type of the issue being commented (Service Desk issue or not)
  • is Chrome extension used or not

Context parameters do not contain any user-created data.

What is not collected

In Google Analytics we do not collect any data but the minimal and anonymous data based on the rules described above. In particular, we do not collect any information about users, issues, values of comments, or any identifiable information about the Jira instance itself.



  • No labels

This page has no comments.