We take data security very seriously so we use only trusted service providers with the highest security standards. On this page, you will find details on how we secure our clients’ data. If you think something is missing or you have any security related questions please let us know at Appfire Support Portal
- Google Integration
- Google Cloud Platform
Integration with Google Calendar is the core feature of the app. It requires the following permissions to connect your Atlassian account with Google:
- View and edit events on all your calendars.
- See and download any calendar you can access using your Google Calendar.
App accesses and uses the following Google data for display purposes:
- Google Calendar event details (name, description, dates, time, type…)
- Google Calendars list (names, Ids, access level)
App stores the following data retrieved from Google services:
- EventID and CalendarID for each event created within the app;
- CalendarIDs for Jira project ↔︎ calendar mapping;
- Access token.
App does not store any additional event data (like name, description, time etc.) or calendar data (events created outside of the app). Events data is retrieved through the secure middle-ware from Google directly, on every app view.
SUB-PROCESSOR – providers with this label are our data sub-processors as defined by European General Data Protection Regulation (GDPR)
SUB-PROCESSOR Google Firebase is a real-time shared database. We use it to store calendar events mapping data per Jira instance & issue.
- Jira tenant Id
- Jira client key
- Jira project Id
- Jira user account id
- Google calendar Id & event Id
- Access token for Google API
- State of Google API authorization
- User analytics setting (on / off)
Firebase database is secured using Firebase security rules. Each user in your Jira instance has access to all data listed in section Stored data for all your Jira issues except “Authorization State & Access Token“ which is secured per user. Anonymous users and users from different Jira instances do not have access to your data. We also store 30 daily backups of this database.
We store the minimal amount of data needed to provide our service.
We don’t store neither Google Calendar event names and descriptions, nor Jira issue summaries or comments, nor other sensitive information. We don’t store neither users’ full names nor e-mails but we rely on user keys provided by Jira which can contain them.
SUB-PROCESSOR Bugsnag is a tool for reporting of in-browser errors. It allows us to fix errors before customers report them to us.
- Jira client key
- Jira issue id
- User IP address
- User language
- User browser information (browser, version, locale, operating system, user agent)
SUB-PROCESSOR With Keen.io we collect anonymous statistics of the app usage to better understand customers behavior. It’s one of the inputs to product development plan. We do not collect any information about users, content of work items, comments, or any identifiable information about Jira users.
The table below is intended to provide a complete understanding of the policy that we use to collect analytics data. This table is not intended to list all the possible events collected by the app.
|User interface and usage||Displaying and interacting with the components and pages added by Google Calendar Integration for Jira app including:|
• Event creation
• Event edit/deletion
• Change of default calendar setting
• Switching between app screens
• Google Account connection / disconnection
Interacting means clicking on the components or changing their state.
|Flags and statistics||We collect boolean flags and statistic numbers from the inputted data. This applies to data gathered via app components or pages (including configuration and usage pages). For example:|
• Type of calendar event (all day, time)
• If custom event name / description is applied
• Which fields were edited on event edit
• If app was loaded with Google account connected / disconnected
Flags and statistics do not contain any user generated content.
|Context||We collect a few general context values from Jira, e.g.|
• License type (evaluation / paid)
• ProjectId, issueId, user’s accountId
• Jira client key
Context parameters do not contain any user generated content.
Google Cloud Platform
SUB-PROCESSOR Google Calendar Integration for Jira app runs on Google Cloud Platform (GCP) and serves traffic using Firebase Hosting (serves static content from region chosen automatically for each user based on their location) and Cloud Functions (serves traffic which includes your data from us-central1 region).
Besides the application itself, GCP stores server logs that contain the following information:
- Access logs – web addresses accessed by user’s browser when communicating with Google Calendar Integration for Jira app. It may include any of the following data:
- Browser name and version
- URL that the application was run on (includes Jira URL, JQL query, project key, and issue key)
- Request date
- IP address
- Jira issue ID
- Jira Project ID
- Jira user account ID
- Application logs – internal application messages that don’t contain any personal data.
These logs are purged after 30 days.