Data storage

Scope

We store limited tenant-specific data as required for the operation of the add-on, including metadata describing the configuration of each report created by the tenant. This metadata includes, for example, the report name and description, the base JQL query used to source the report data, and the IDs of JIRA fields to be displayed as columns or used for sorting, grouping, filtering and aggregation. Tenant-specific data is logically separated within a single database, and all requests for tenant data are authenticated and access-controlled to ensure that only authorized users from the tenant's JIRA instance can access it.

We do not store any other tenant-specific JIRA data (including issues, worklogs, user profiles, etc.) and such data never passes through our servers. 

Retention

Retained tenant data is stored indefinitely, and may be removed at our sole discretion. Retained data may continue to be stored in the event that the tenant disables or uninstalls the add-on. Tenants may request permanent removal of retained data.

Report data received from JIRA is cached temporarily in memory on the user's machine and discarded when the next report is loaded or when the user closes the browser.

Portability

While we do not take any steps to promote interoperability of report configuration metadata with third-party systems, we are happy to provide a JSON-formatted export of this metadata upon tenant request.

Backups

The add-on database is backed up daily by our service provider. Backups are intended for use only in recovering from a system failure; we are not able to restore data accidentally deleted by a tenant.  

Security

Application and infrastructure

The add-on is packaged as a JavaScript client which executes locally in the user's browser. At report runtime, this client queries the JIRA host directly for report data on behalf of the user. All communication between the add-on client and the JIRA host is SSL-encrypted and authenticated with JWT, using Atlassian Connect APIs.

All communication between the add-on client and add-on server is SSL-encrypted and authenticated with JWT according to Atlassian recommendations.

Application and database servers are hosted with Heroku and Compose, respectively, and both providers use Amazon Web Services for underlying infrastructure. The application server and database are isolated from external access. 

Disclosures

If you identify a security vulnerability in the add-on, please report it to us immediately by email. In the event of a security breach or confirmed vulnerability in the add-on, we will notify any affected tenants by email, including recommended actions or precautions to be taken.

Privacy

We respect your privacy, and will not share any data collected or retained by the add-on with any third party, except as required by law.