Data Privacy

Does your app process personal data?

No. No personally identifiable information (PII) is processed in the application. Zephyr Squad only stores user identifiers and any user information displayed in the app that comes from Jira. For more information, please visit SmartBear Privacy Policy.

What data do you have access from Jira?

The app can have access to any data coming from Jira. However, we only pull and store minimal information, like the project key, issue ids (for the traceability links), user, group, roles (for the permissions).

Where and with whom is the software hosted? What options are there to host data in our region?

AWS, currently the data is stored in us-west-2 (Oregon).

What data does the app store on its own servers (as a remote service)? Is there a way to restrict the above access by sacrificing some of the features of the app?

We store all of the data regarding Zephyr Squad: test cases, plans, cycles, executions, custom fields, and permissions data.

In terms of Jira data, we don’t store anything except Jira issue IDs to create trace links, Jira project IDs and keys, the IDs of users, roles, and groups for permissions as well as the tenant information that allows us to make calls to Jira (including the tenant secret). There’s no way to restrict it.

Where else is Zephyr Squad data processed?

Anonymous data is collected and processed by third-party applications:

  • Amplitude – product usage data analytics platform

  • Beamer – in-app messaging and notifications tool

  • LaunchDarkly – feature flagging management

  • Segment – product usage data aggregation platform

  • BugSnag – error tracking and performance monitoring tool (SmartBear product)

No personal data is collected and processed by these tools.

Example of the data processed includes:

Data

Example value

URL path

/jira/browse/ABC-123

User ID

6a2ba123e12f789c1234c4ef

License tier

2000 users

License type

COMMERCIAL

Support Entitlement Number

SEN-1234566

App version

7.1.1

Jira instance ID

JHYU-AS8U-ASDF-BHJ7

Jira version

8.14.0

User agent

Mozilla/5.0

Tracking event name

Viewed test player

 

Do you maintain full audit logs of each action/change of your infrastructure? For how long?

We have audit logs of any changes to the provisioning of our infrastructure (AWS CloudTrail) – it’s held for 90 days.

How long do you store customer data? Do you have a process for customer data to be deleted?

No customer data is automatically deleted. The data can be erased upon customer request.

Do your employees (for example, developers or system administrators) have access to Atlassian customer data? How is this access controlled and monitored?

The development team has access to Zephyr Squad's production data but has no access to any of the customer’s Jira data.

Publication date: