Data Privacy
Does your app process personal data?
No. No personally identifiable information (PII) is processed in the application. Zephyr Squad only stores user identifiers and any user information displayed in the app that comes from Jira. For more information, please visit SmartBear Privacy Policy.
What data do you have access from Jira?
The app can have access to any data coming from Jira. However, we only pull and store minimal information, like the project key, issue ids (for the traceability links), user, group, roles (for the permissions).
Where and with whom is the software hosted? What options are there to host data in our region?
AWS, currently the data is stored in us-west-2 (Oregon).
What data does the app store on its own servers (as a remote service)? Is there a way to restrict the above access by sacrificing some of the features of the app?
We store all of the data regarding Zephyr Squad: test cases, plans, cycles, executions, custom fields, and permissions data.
In terms of Jira data, we don’t store anything except Jira issue IDs to create trace links, Jira project IDs and keys, the IDs of users, roles, and groups for permissions as well as the tenant information that allows us to make calls to Jira (including the tenant secret). There’s no way to restrict it.
Where else is Zephyr Squad data processed?
Anonymous data is collected and processed by third-party applications:
Amplitude – product usage data analytics platform
Beamer – in-app messaging and notifications tool
LaunchDarkly – feature flagging management
Segment – product usage data aggregation platform
BugSnag – error tracking and performance monitoring tool (SmartBear product)
No personal data is collected and processed by these tools.
Example of the data processed includes:
Data | Example value |
---|---|
URL path | /jira/browse/ABC-123 |
User ID | 6a2ba123e12f789c1234c4ef |
License tier | 2000 users |
License type | COMMERCIAL |
Support Entitlement Number | SEN-1234566 |
App version | 7.1.1 |
Jira instance ID | JHYU-AS8U-ASDF-BHJ7 |
Jira version | 8.14.0 |
User agent | Mozilla/5.0 |
Tracking event name | Viewed test player |
Do you maintain full audit logs of each action/change of your infrastructure? For how long?
We have audit logs of any changes to the provisioning of our infrastructure (AWS CloudTrail) – it’s held for 90 days.
How long do you store customer data? Do you have a process for customer data to be deleted?
No customer data is automatically deleted. The data can be erased upon customer request.
Do your employees (for example, developers or system administrators) have access to Atlassian customer data? How is this access controlled and monitored?
The development team has access to Zephyr Squad's production data but has no access to any of the customer’s Jira data.