Effective starting: August 28, 2023
This document lists important security and privacy-related questions that you might have when evaluating the Advanced Columns app on your Jira Cloud instance. Should you have any additional questions, please let us know at Advanced Columns Support.
...
Index
What kind of data is downloaded from Jira by Advanced Columns?
Did you complete Atlassian's Security Self-Assessment ProgramDoes Easysecrets have its own Privacy Policy?
Did Advanced Columns fill Security and Privacy tab from the Marketplace?
What kind of data is downloaded from Jira by Advanced Columns?
In order for Advanced Columns to display data on the Advanced Columns Board and perform calculationsas Dynamic Boards and Advance Columns, the following data may be downloaded:
Information about regarding issues, such as issue keys and issue field values and issue links;
Information regarding filters, such as its name, id, query and shares;
Information about regarding the user, such as its name, avatar and ID;path (not the avatar itself) and Atlassian’s accountId.
Information about the user's permissions group/role membership (groups, roles in projects) – this information is used to validate the user's access to issues, boards and filters.
...
What kind of data is stored by Advanced Columns?
The only data from Atlassian accounts stored in our database are users accountId. We need this information so users can define who have access to their boards and who can edit them. We do not store data on the Advanced Columns servers. (colocar pequena descrição explanando que os dados são armazenados no Forge DB)any additional personal data such as display name, email address and other Atlassian account related data except from its Id.
We store Dynamic Boards that you may create using the app such as, their name, description, columns, viewers, admins and others.
Additionally, we store Advanced Columns data that you may create when using the app such as their name, descriptions, filter Ids, chart preferences and others.
What kind of data is collected by Advanced Columns support?
(Colocar pequena descrição dos dados coletados para ação do suporte. Ex.: Email, instance URL, Site URL, provas que auxiliem na resolução, descrição dos problemas)
Where are the servers located?
...
By opening a support ticket on our service management portal, we collect the following data:
Email address - We need this to get back to you when solving your tickets.
Display name - Although not mandatory, if you choose to register your name on our portal, we will use it to address you by your name.
Site URL - The Jira instance’s URL is need to verify if the customer has a valid license.
Other information - You may choose to add additional information such as short and log descriptions (or even attachments) to further detail your issue. We will use the information only to solve the issue your having or to consider improvements on our app when it comes to feature requests and feedbacks.
Where are the servers located?
The app does not run on any additional servers other than Atlassian’s cloud since it is built on the Forge Platform.
How is the data encrypted?
...
We use TLS to protect information while in transit across the Internet and inside the cluster.
...
Advanced Columns' TLS encryption and full disk encryption at-rest is provided by the Forge Platform. You can find further details regarding data protection provided by the platform here.
Who can get access to the data?
Only the Easysecrets on-call system engineers can access the production environment. Each employee of Easysecrets has signed a strict confidentiality and non-disclosure agreement.Since Advanced Columns' database is hosted by the Forge Platform through the Storage API, Easysecrets itself does not access any of the data you create on your instance.
How does Easysecrets audit access to the data?
In order to access the database, one needs to request temporary credentials. All such requests are logged and reviewed.
We are also working on an advanced audit process and data access mechanism, which will include:
Logging all data-related operations.
Automatic detection of unusual activity.
An approval workflow for getting access to the data.
How does Easysecrets adhere to information security standards? Do you have any compliance certifications?
We do not hold any compliance certifications at the moment; however, we plan to obtain certification later this or next year.
Advanced Columns has been diligently built with security, privacy and informational security as a highest priority. We have completed and passed Atlassian's Security Self-Assessment Program and also participate in their Bug Bounty program.
...
Since Advanced Columns' is built on Forge Platform, that means that we can log some data in order to help troubleshoot issues that you may be encountering. We have access to the logs for 60 days after the log. Our App logs won’t contain sensitive information, like financial records or personal data.
You can download a copy of the logs, or disable this access, at any time.
Does Easysecrets have its own Privacy Policy?
Please see the Privacy Policy published on our website.
Did
...
Advanced Columns fill Security and Privacy tab from the Marketplace?
Yes, we completed and passed the Atlassian Security Self-Assessment Program. you can find all details here