Data Privacy

Do you process PII (personally identifiable information)?

No. All user PII data is anonymized by Jira, and as a plugin, we only deal with the user IDs that Jira assigns to users.

Is your app GDPR compliant?

Yes. No personally identifiable information (PII) is stored. Zephyr Squad only stores user identifiers, and any user information displayed in the app comes from Jira. For more information, see the SmartBear Privacy Policy.

What data do you extract from Jira and pull into your platform?

We do not extract any data from Jira other than issue links to the test cases. The rest of the data is specific to Zephyr and is stored in Zephyr Squad Cloud.

What is the exact data (specific fields of the Jira issues) that the app has access to?

Zephyr Squad has access to the Jira issue type “Test” and all its related fields.

What is the exact data that the app stores on its own servers (it being a remote service)? Is there a way to restrict the above access by sacrificing some of the features of the app?

We store all of the data regarding Zephyr Squad: test cases, plans, cycles, executions, and custom fields.

In terms of the Jira data, we do not store anything except for Jira issue IDs to create trace links, Jira project IDs and keys, the IDs of users, and the tenant information that allows us to make calls to Jira (including the tenant secret). There is no way to restrict it.

All the Zephyr-related data is stored in Zephyr Squad Cloud. There is no way to restrict access to this data storage, as it’s critical to the entire application workflow.

Where and with whom is the software hosted? What options are there to host data in our region?

We are hosted completely on AWS, and our data centers are currently located in the US. More regions will be supported in the future, and we’ll aim to support the same regions as Jira, following Atlassian’s public roadmap for supporting data residency for apps.

Do you maintain full audit logs of each action/change of your infrastructure? For how long?

Yes, we maintain an audit log of the infrastructure changes for 6 months.

How long do you store customer data? Do you have a process for customer data to be deleted?

We store the customer data for 6 months after the subscription has expired so that customers can continue with the application where they left off once they renew the license. We do have a process to completely delete the customer data from our systems.

Do your employees (for example, developers or system administrators) have access to the Atlassian customer data? How is this access controlled and monitored?

We have provisioned production access to only the DevOps teams and no one else. The DevOps teams have access to the Zephyr Squad application data, but no PII data. All production access is logged and periodically audited for any unauthorized access to the production systems.

See Also

Data Security

Performance
