Does your app process personal data?
What data do you have access from Jira?
The app can have access to any data coming from Jira. However, we only pull and store minimal information, like the project key, issue ids (for the traceability links), user, group, roles (for the permissions).
Where and with whom is the software hosted? What options are there to host data in our region?
AWS, currently the data is stored in us-west-2 (Oregon). More regions will be supported in the future and we’ll aim to support the same regions as Jira, following Atlassian’s public roadmap for supporting data residency for apps.
What is the exact data that the app stores on its own servers (it being a remote service). Is there a way to restrict above access by sacrificing some of the features of the app?
We store all of the data regarding Zephyr Scale Cloud: test cases, plans, cycles, executions, custom fields, and permissions data.
In terms of Jira data we don’t store anything except from Jira issue IDs to create trace links, Jira project IDs and keys, the IDs of users, roles and groups for permissions as well as the tenant information that allows us to make calls to Jira (including the tenant secret). There’s no way to restrict it.
Where else is Zephyr Scale Cloud data being processed?
Anonymous data is collected and processed by third-party applications:
Sentry – error tracking and performance monitoring
Segment – product usage data aggregation platform
Amplitude – product usage data analytics platform
No personal data is collected and processed by these tools.
Example of the data processed includes:
|License tier||2000 users|
|Support Entitlement Number||SEN-1234566|
|Jira instance ID||JHYU-AS8U-ASDF-BHJ7|
|Tracking event name||Viewed test player|
Do you maintain full audit logs of each action/change of your infrastructure? For how long?
We have audit logs of any changes to the provisioning of our infrastructure (AWS CloudTrail) – it’s held for 90 days.
How long do you store customer data? Do you have a process for customer data to be deleted?
No customer data is automatically deleted. The data can be erased upon customer request.
Do your employees (for example, developers or system administrators) have access to Atlassian customer data? How is this access controlled and monitored?
The development team has access to Zephyr Scale Cloud’s production data but has no access to any of the customer’s Jira data.