Raledo Data Security Policy
Overview
The aim of this documentation is to cover all of the relevant information about the Data Security & Privacy Statement of Raledo Ltd to help our customers see clearly what we do and really don’t do with their data.
Introduction
Protecting your data and your privacy is our highest priority and is very important for us. Raledo Ltd adheres to a strict policy for ensuring the security and privacy of your data, in particular, your personal information (such as full name, address, email address, and/or other identifiable information, collectively such personally identifiable information Personal Data).
Raledo Ltd provides hosted services (Cloud Apps) for Atlassian Cloud Products that are developed and delivered through the Atlassian Connect App framework. Apps that are developed using the Forge framework are delivered using services hosted entirely by Atlassian. Cloud Apps can be identified by the Cloud category in the corresponding Atlassian Marketplace listing.
This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for our Cloud Apps.
In the following, all data created by an Atlassian Cloud end-user and stored within the Atlassian Product are defined as Customer Data. This includes log files which may include customer data that is output to aid in diagnostics and debugging e.g. email addresses.
Data Security and Privacy of Our Apps
We support the latest technical and organizational measures to ensure data security, in particular, to protect your Personal Data. These measures are updated on a regular basis to stay up to date. We would like to draw your attention to the fact that security gaps are possible when transmitting data on the Internet, and it is impossible to ensure complete protection of data from unauthorized or malicious access by third parties.
We draw your attention to the fact that we do not collect, store or process any personal/ confidential information in applications suitable for Atlassian products, nor do we collect, store or process any analytical or tracking data, and nor do we place cookies or tracking beacons in any applications suitable for Atlassian products.
Some of our applications depend on the use of personal data, such as usernames and email addresses. All this information is used by the application for internal functional purposes only and, if at all used, is stored in the local database of your Atlassian cloud instance.
For several applications, we use the option to include YouTube videos to the marketplace product pages, allowed by Atlassian. All the videos used on the mentioned pages are stored on www.YouTube.com. In general, this means that some of your user data can be transmitted when you are playing these videos. We are not able to influence or prevent this data transfer. If you don’t want this data transfer, then please avoid playing the videos. For more information about it, please look at the Atlassian Marketplace Terms of Use and the Atlassian Privacy Policy.
We may use the option of Google Analytics integration to our Marketplace product pages, allowed by Atlassian. Any information collected by Atlassian or third-party partners on the Atlassian Marketplace website is governed by the Atlassian Privacy Policy. Please, note that all such information is anonymized, no personal data can be received or identified. We may use this information to analyze user experience for continuous product improvement.
CLOUD APPS
Data Storage
Unless otherwise stated below our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product instance. The Atlassian Cloud Product Security Statement can be found here.
Exceptions applying to all Cloud Apps:
Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration, and communication with the customer instance. This may include, for example, AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId. Unless explicitly and differently specified in the Addon documentation, we do not store personal information (e.g. name, email address).Session Data: Our Cloud Apps store data resulting from the customer’s use of the service and distinguished from Customer Uploaded Data. This includes, for example, the use of statistics of service functions such as the total number of service executions per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operation Data.Support Data: Our Cloud Apps may offer a problem report functionality which can be triggered in the respective Apps. If a Cloud App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (e.g. Account Data, Operation Data, Customer Uploaded Data) from our systems and will create a support ticket in our support system on behalf of your users’ email address. If we require access to log files we will request the customer’s permission to access these files. In most cases we will provide instructions to the customer to enable them to retrieve the log files or allow our support staff access to these log files on a continuous basis. The data is usually saved in our customer support system but may also be downloaded by our support engineers for further analysis (see below section End of Subscription). Please pay special attention that data transfer on the internet can have security gaps and it is not possible to provide the complete protection of data against unauthorized or malicious access of third parties.
Real-time Error Tracking Data: Our Cloud Apps may be equipped to track errors of our Cloud Apps’ resources executed in the end-users’ browsers in real-time. This includes, for example, AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version, and operating system. It is exclusively used in order to improve our service.
Data Location
Raledo Ltd uses an Atlassian recommended cloud platform called Amazon for hosting Cloud plugins to comply with all local laws. We also use Atlassian’s Forge framework for some of our add-ons which is also hosted in Amazon Web Services but is completely managed by Atlassian and is outside of our control. Amazon’s physical infrastructure is hosted and managed within Amazon’s secure data centres and utilizes the Amazon Web Service (AWS) technology.
Status information about the Amazon cloud platform can be found here: https://status.aws.amazon.com/.
Amazon has published security statements that can be found at the following link: https://aws.amazon.com/security/
Data Storage Terms
Our Cloud Apps do not store any personal data in its database. As we develop new products this is subject to change, and we will update this agreement or create a new agreement for the specific product.
Backups
As mentioned previously, customer data used by our products is stored within the Atlassian Cloud product instance database.
At the time of writing this policy, we do not have any products which are storing customer data in external databases and do not host data anywhere outside of the Atlassian Cloud product instance. We have no access to this data and cannot provide additional backups.
If there is a problem and customer data is lost, the customer will need to contact Atlassian support.
Billing Data Storage Terms
We may store your billing information (company name, tax codes, bank details, country, contacts of the involved Atlassian partner) to fulfil the requirements of the local tax legislation. We are not able to influence this data storage.
Application and Infrastructure Security
This section explains the security measures we’ve taken in our application and infrastructure:
Raledo Ltd support team accesses Cloud App data only for the purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes.Customers are responsible for maintaining the security of their own Confluence and Jira Cloud login information.Communication between the Atlassian Cloud products and our Cloud Apps is done using web requests. All web requests are encrypted, digitally signed, authenticated and authorized.The Cloud Apps services is only accessible through secure protocols (e.g. https).
Please read the documentation of the relevant Cloud App product for further details.
Customers of Our Apps
By purchasing a commercial or academic license, our customers accept the following:
Raledo Ltd will receive personal information of the technical person from Atlassian.Raledo Ltd will retain all personal information that is shared by Atlassian with Raledo Ltd (Atlassian’s policy on sharing personal information).Raledo Ltd will retain personal information during the active maintenance period and after the expiration of the last maintenance period.Raledo Ltd may send emails containing product news, tips, best practices, webinar or training details, event-related information. To comply with GDPR regulations, customers can request the removal, rectification or review of their own personal information stored in the support system by sending an email to support@raledo.com or by clicking the unsubscribe link in the emails received.
Access to Customer Data
Only authorized Raledo Ltd employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to Raledo Ltd.
End of subscription
If a customer unsubscribes from our Cloud App we mark stored Customer Data, such as log files, for deletion. However, the customer can contact us to ask for immediate manual deletion.