Data Security and Privacy Statement
The Scheduler for Jira Cloud:
Overview
We store only the bare minimum amount of data on our servers, so that you can use The Scheduler comfortably, without giving out your confidential data. The Scheduler uses a combination of hosted properties (provided by Atlassian) and a self-hosted relational database for persisting data.
The Scheduler uses AWS EC2, an Atlassian recommended cloud platform, for running the hosted service, and Amazon RDS for data persistence.
Data Storage and Facilities
In order to work properly, The Scheduler needs to store the following information:
Add-on registration entries
Scheduled Issue Metadata
Issue templates
Trigger definitions
Issue keys of the created issues
Add-on registration entities (stored by "The Scheduler")
The add-on registration entries we collect are required by Atlassian Connect to secure the traffic between you and our service. Each incoming web request is authenticated and authorized before access to the Cloud server or the add-on is allowed. This data needs to be stored in our relational DB for the whole process to work.
Scheduled Issue Metadata (stored by "The Scheduler")
The required metadata, such as Scheduled Issue unique ID, name, description and associated JIRA project ID and project key are also stored on our servers. We need to store the IDs in our DB to be able to identify the Scheduled Issue, as well as to retrieve the Issue Template when required (see next section). While we do not strictly need to keep the name and description attributes (and associated project key), it allows us to provide you with a better user experience, like filter capabilities, unique name validation and overall speed in data presentation. If you believe this is a blocker for you or your organization, please let us know.
Issue Templates (stored by Atlassian)
Issue template is basically a "blueprint" of the issue The Scheduler is going to create for you some time in the future. Since an issue is the most basic entity in JIRA system, we believe that the issue template is the most confidential component of the Scheduled Issue and hence, we decided not to store it on our servers. Instead, we're using Atlassian hosted properties, which basically allows add-on developers to store data on Atlassian servers, just like issues and projects. While we still process the data when necessary (i.e. when creating actual issues), we do not store your business-confidential information on our servers at any time.
Trigger definitions (stored by "The Scheduler")
Trigger definitions are basically the cron expressions, as well as start and end dates for the trigger to operate. We store this information on our side and associate it with Scheduled Issue metadata, so that we know when to create the issues for you.
Issue keys and creators of the created issues (stored by "The Scheduler")
In order for The Scheduler to be able to identify which Scheduled Issue created which JIRA Issues, we need to keep the issue keys of the created JIRA issues. We keep the issue keys only for the "Execution history" functionality, so that let you easily navigate from the Scheduled Issue execution to the actual issue that has been created.
In order to log activity and display manual execution of Scheduled Issue we also keep "userKey" (e.g. johndoe), in the table this person is displayed by Full Name with avatar - all of the information displayed there, are pulled from the user's profile (Full Name is also a link to persons profile).
From the user perspective this data (about Manual execution) is visible to everyone granted access to The Scheduler from within Project Settings tab "The Scheduler Access Management" (access is granted per Project).
GDPR compliance and readiness
We have used best efforts to prepare for new EU's data privacy law, the General Data Protection Regulation (GDPR). For doing so we have implemented updated Privacy Policy to fulfill all requirements and provide the best service possible.
This policy is intended to help you understand:
What information we collect
How we use information we collect
How we share information we collect
How we store and secure information we collect
How to access and control your information
Other important privacy information
Following sections would address those topics.
Where we store our data
We are leveraging Amazon Web Services to store our data (particularly we are using relational db deployed on AWS RDS and Kibana for data logs visualizations - also served by AWS side). According to AWS GDPR center - AWS has announced compliance with the CISPE Code of Conduct and demonstrating compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1 and others. Your data on AWS used for processing The Scheduler scheduled jobs is secured in highest manner possible. We are not sharing or exposing those data to any 3rd party legal entity or partners.
What information we collect
We are collecting data pulled out from Jira instance that are essential for process of creating scheduled jobs by The Scheduler such as Scheduled Issue unique ID, name, description and associated JIRA project ID and project key. Also we do not store your business-confidential information on our servers at any time.
Removing The Scheduler and all the associated data
At any time, you have an option to remove The Scheduler add-on from your JIRA instance along with all the data stored by our add-on. If you want to do that, then simply uninstall the add-on using the "Manage add-ons" administration section - it will remove the add-on from your JIRA instance and also remove all your data from our servers. Also if specific user would like to review and/or remove his data from our side - please contact our Support Team directly.
People and Access
The Scheduler support team accesses hosted data only for purposes of application health monitoring and performing system or application maintenance, as well as upon customer request for support purposes. Only authorized Transition Technologies PSC employees have access to server data. Data is used only to perform essential tasks done by The Scheduler on Customer's instances of Jira Cloud. Cloud users are authenticated using Atlassian Connect OAuth authentication. Customers are responsible for maintaining the security of their own JIRA Cloud login information.
Backups
For the self-hosted data, we maintain a daily backup of our relational DB schema, so that in case of a disaster, we could re-create your data. However, in order to provide additional availability and to further minimize any data loss, we keep a standby database replica that stays in sync with our primary database and is fully capable of taking over in case of a primary database failure.
Migration from server to cloud concerns
Due to the fact that we have recently rolled out automatic migrator enabling migrating data from The Scheduler on server/data center instances to its cloud counterpart - brief overview of whole process and data processing activities that we perform can be found below.
At the beginning of the whole process of migration Issue Templates are being sent to S3 managed by Atlassian
During data mapping we are using Issue Templates stored in aforementioned S3 bucket in order to create templates on Jira Cloud (although they are transited through our cloud infrastructure they are not persisted on our side)
During and after migration is completed - logs are gathered (accessible for Administrators of respective instances that were subject to a migration activities - in order to enable investigation of potential problems that may occur during data migration) containing data as follows:
project id, client key, scheduled issue name, sub-task name, custom fields id
The Scheduler for Jira Server and Data Center:
We do not collect, process nor store any data from your Jira instance - everything is stored on your Servers and in your databases. All activities are being performed on Your environment. No entities (including TT PSC as a vendor itself) has access to The Scheduler data stored on Jira Server / Data Center (beside Jira environment owners) hence it's impossible for third party to process, store or collect The Scheduler data.
Feel free to tell us what topic should be covered: thescheduler@psc-software.atlassian.net