Adaptavist Apps: Cloud Security and Privacy Policy


Adaptavist provides two types of Apps on the Atlassian Marketplace.

  • Downloadable products or Server Apps that are installed in a server instance of the applicable Atlassian product hosted and managed by the client. These are our Server Apps.
  • Hosted Apps for Atlassian Cloud products that are delivered via the Atlassian Connect framework. These are our Cloud Apps.

This policy applies to the Adaptavist Cloud Apps only.

Data Storage and Facilities

Adaptavist uses AWS to host its cloud hosted add-on components. Adaptavist are responsible for provisioning, monitoring and maintaining the AWS infrastructure required to support our Cloud Apps.

Log information is stored on Elastic Cloud hosted on AWS.

Stored Jira Data

Unless specifically highlighted below Adaptavist do not store our customer data which instead is stored in the Atlassian Cloud Product that the add-on applies to. The data stored in the Atlassian Cloud Product is covered by the Atlassian Cloud Policy which can be found here.

Exceptions for all Cloud Apps

Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.

Session Data: Our Cloud Apps store data resulting from each customer's use of the service and is distinguished from Customer Uploaded Data. This includes for example usage statistics of service functionality such as the total number of ScriptRunner functions used per day. This data is anonymised. Therefore, we cannot identify the end user this data relates to.

Analytics: We use Google Analytics and to allow us to analyse behaviour patterns that ultimately lead to product improvements. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operational Data. Adaptavist only capture the page that is viewed and the referrer along with the tenant identifier. There is additionally individual and organisational data that Google Analytics records, Adaptavist do not intend to use this data.

Error Logs data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service. Errors from JavaScript in our cloud applications are sent to Sentry.IO to alert Adaptavist support. The data sent to Sentry.IO includes organisational data but no individual data.

Metrics: Application metrics are sent to Datadog for analysis and reporting in order for us to monitor the applications performance. This will include anonymised organisational data but no individual data.

Exceptions for Specific Cloud Apps

Adaptavist Test Management for Jira: For the cloud version of Test Management for Jira, Adaptavist use the Jira APIs to query data from selected projects for links to Test Management artefacts. Adaptavist store all of the Test Management data such as test cases, plans, runs and test execution data. We also store Attachments added to Test Management entities for example attachments added to a Test Case or Test Execution.

ScriptRunner for Jira Cloud: For some features we store customer scripts and queries (encrypted) inside our own infrastructure hosted on AWS.

Build Results Viewer for HipChat: We store (encrypted) the Bamboo Server URL, Bamboo User username and Bamboo User password to let us use the Bamboo Server REST API on behalf of the customer as it requires Basic Authentication.

SmartDraw: SmartDraw data is covered by their Terms of Service which can be found here as the data is hosted by SmartDraw and not Adaptavist.

Data Location

Data is stored in the following AWS Regions us-west-2, eu-west-1, us-east-1 & eu-west-2


We encrypt sensitive data at rest in our database using AES-256.

People and Access

Only Adaptavist Developers or Support Engineers have access to the AWS platform hosting our Cloud Apps. They only have access to the application data to perform system or application support purposes.

HTTPS and SSH are the only protocols available to our cloud platform. SSH access is limited to Adaptavist Support Engineers. SSH access is restricted to known trusted internal networks with key-based authentication.

Our platform is micro-service based which is also layered into public and internal/private. Each one of these services is responsible for its own data and provides its own access controls. We will also ship and monitor logs from these micro-services which we alert if abnormal behaviour is detected.

For SmartDraw this is again covered in the Terms of Service provided by SmartDraw which can be found here.


Data stored in our AWS platform for all cloud Apps apart from SmartDraw is backed up every 4 hours with incremental backups. Daily backups of the entire platform are taken every 24 hours.

For SmartDraw cloud incremental backups are taken every hour with daily backups of the entire platform taken nightly.