Table of Contents
- Contacting Us
- IP Addresses and Server Logs
- Search Results
- Information that we collect from you
- Privacy of other websites
- Users of age 16 and under
- Use of your information
- Disclosure of your information
- Access by your company administrator
- Comments and Ratings
- Software Downloads
- Data Protection Rights Under GDPR
- Adaptavist Third Parties
- Types of Cookies
- How to manage cookies
- Security and data retention
- Cloud-Only Security Policies
- Hosted Apps for Atlassian Cloud Products
- Slack Apps
By submitting details to us, you consent to the collection, use and transfer of your information under the terms of this policy. Should you have any specific queries after reading this policy, please feel free to contact us for clarification.
Your privacy is important to us, and so is being transparent about how we collect, use and share information about you. This policy is intended to help you understand what information we collect about you when you use our products and services, or otherwise interact with us, how we use and share information we collect, how we store and secure information we collect and how we access, collect and control your information.
Adaptavist reserves the right to remove offensive, provocative or discriminatory language posted on or sent through our systems and at its sole discretion, Adaptavist shall remove any user’s access to its systems, services and products as a result of such behavior.
2 Contacting Us
Should you have any questions about how your information is handled, you can do so by submitting an enquiry via http://www.adaptavist.com/contact/ or by email to firstname.lastname@example.org.
3 IP Addresses and Server Logs
Our web service stores access logs in the standard formats which include IP addresses.
We use the information to better understand user behavior on our systems, so that we may improve the experience for all. We also use the information for security and operational purposes.
4 Search Results
We monitor search results to ensure that people are finding the information they are looking for quickly and easily. Should we identify pages that are giving misleading search results we will amend them to avoid such issues.
5 Information that we collect from you
When you use our products and services you may be asked to provide certain information about yourself, including your name and contact details. We may also collect information about your usage, as well as information you provide during such usage. This includes using our websites, products and services, as well as any correspondence or communication you send.
6 Privacy of other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
7 Users of age 16 and under
If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to this website. Users without this consent are not allowed to provide us with personal information. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us and we will take steps to delete such personal data from our systems.
8 Use of your information
Use of your information will vary depending on how your information was tracked. For example, if you send us an email we will use your information to reply to your message. In other cases, we may use your information to enable us to provide you with access to some or all parts of our site. We may also use and analyze the information we collect (for example page rankings and emails) so that we can administer, support, improve and develop our business.
We collect information to process your order, manage your account (where applicable), and we may contact you for your views on our products and services and to notify you occasionally about important changes or developments to the site or our products and services. All email communications from Adaptavist shall provide the option to unsubscribe at any time.
9 Disclosure of your information
The information you provide to us will be held on our computers and may be accessed by or given to our staff, affiliates or subcontractors. Unless required to do so by law, we will not otherwise share, sell or distribute any sensitive, personal information you provide to us without your consent.
Clients who purchase goods or services from Adaptavist may be referenced in promotional material and website. We may identify you by name, trade name, logo and trademark. Should you not want to be listed, please contact us at here or email@example.com. Individuals will never be added to the list.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
10 Access by your company administrator
You should be aware that the administrator of your products and services at our company may be able to: access information in and about your account; disclose, restrict, or access information that you have provided or that is made available to you when using your account, and; control how your account may be accessed or deleted.
12 Software Downloads
We may make certain software available for download on this website and may link to software on other, third party websites. This software may be created by Adaptavist or by third party vendors. The software may be programmed to access our servers and/or third party servers in order for the software to operate and in order to check for program upgrades or enhancements. From time to time, new files may be added to your computer in order to upgrade the software or add new functionality to it. These changes may occur without notice to you. If at any time you wish to uninstall the software program, you may do so by following the instructions that accompany the software. Use of the software will be governed by a separate Adaptavist End User License Agreement.
13 Data Protection Rights Under GDPR
You are entitled to see the information held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us. Please note that we will require proof of your identity and, because we are a small company, your request may take up to 30 working days to process. Your rights under GDPR are:
13.1 Right to access
You have certain rights under the GDPR, for instance, you can ask to be told what information we hold about you in our databases. We will provide you with all the details that we hold about you, both online and offline, upon request.
13.2 Right to erasure
Under certain conditions, you have the right to request that we erase your personal data.
13.3 Right to restrict and object processing
You also may restrict or object the processing of your personal data, in some circumstances.
13.4 Right to update
You are entitled to see the information held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us.
13.5 Right to rectify
We want to make sure your personal information is correct and up to date. You may ask us to correct or remove information you think is inaccurate.
13.6 Right to data portability
You have the right to have your personal data transmitted to another controller, where technically feasible and if it does not adversely affect the rights and freedoms of others.
13.7 Right to withdraw
You have the right to withdraw your consent. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
13.8 Notification Obligation
If you have exercised your right of rectification, erasure or restriction against us, we are obliged to notify all recipients whom we have disclosed your personal data, of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.
13.9 Right to complain to a regulatory authority
You have the right to complain to a supervisory authority if you consider that the processing of your personal data infringes on your rights under the GDPR.
14 Adaptavist Third Parties
We collaborate with third parties that help us operate, provide, improve, integrate, customize, and support our products and services.
14.1 Service Providers
We work with third-party service providers to supply website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. Adaptavist service providers may include, but are not limited to the following and any further third parties listed in section “Types of Cookies”:
14.1.7 SuperSet. Refer to website at https://superset.apache.org/index.html
Our products integrate with third parties products. We may share your information with these third parties in connection with their services, which will be described in relevant product documentation. Additionally, you may choose to make use of third-party add-ons in conjunction with Adaptavist services. Third-party add-ons are software written by third-parties to which you grant access privileges to your content. We may also share information with these third parties where you have agreed to that sharing. Adaptavist partners may include, but are not limited to:
19 Security and data retention
We employ security measures based on ISO 27001 to protect your information from access by unauthorized persons and against unlawful processing, accidental loss, destruction, damage and unauthorized alteration. How long we keep information we collect about you depends on the type of information. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
We use physical, electronic, and procedural safeguards to protect any personally identifiable data stored on our computers. Only authorized employees have access to the information you provide us. Any particularly sensitive information, such as a credit card number used to purchase our products and services is encrypted using payments’ systems and Adaptavist staff never have access to your credit card or debit card details.
While we cannot guarantee that loss, misuse or alteration to data will never occur, we take many precautions to prevent such unfortunate occurrences and have measures in place to detect any such breaches of security.
In the event of a security breach, we will notify anyone whose personal data may have been compromised as well as the law enforcement authorities in the United Kingdom and other countries as applicable.
You are ultimately responsible for the security of any usernames and passwords we supply to you. Please take care when using and storing them. Adaptavist recommends that you do not divulge your password to anyone. You should log out of your browser at the end of each computer session to ensure that others cannot access your personal information and correspondence, especially if several people have access to your personal computer or you are using a computer in a public place.
As part of the requirements of the General Data Protection Regulation (GDPR), Adaptavist have registered with the Data Commissioner in the United Kingdom and you can see our notification report on their website (after clicking the link, enter “Adaptavist” as the name and click the ‘Search Register’ button).
Any information will be collected, stored and processed within countries that comply with the GDPR. Primarily data is stored within UK / EU / USA data centers, all of which have the appropriate compliance frameworks – including support for GDPR and EU Privacy Shield.
20 Cloud-Only Security Policies
Adaptavist provides Hosted Apps for Atlassian Cloud products that are delivered via the Atlassian Connect framework. Adaptavist also provides apps for Slack and Trello. Together, these are our “Cloud Apps”.
The following terms apply to our Cloud apps only. Adaptavist uses AWS to host its Cloud hosted add-on components. Adaptavist and its affiliates are responsible for monitoring and maintaining the AWS infrastructure required to support our Cloud Apps. Log information is stored on Elastic Cloud hosted on AWS.
20.1 Data Storage and Facilities
20.1.1 Stored Jira and Confluence Data
Unless specifically highlighted below Adaptavist do not store our customer data which instead is stored in the Atlassian Cloud Product that the add-on applies to. The data stored in the Atlassian Cloud Product is covered by the Atlassian Cloud Policy which can be found here.
18.104.22.168 Exceptions for all Cloud Apps
22.214.171.124.1 Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.
126.96.36.199.2 Session Data: Our Cloud Apps store data resulting from each customer’s use of the service and is distinguished from Customer Uploaded Data. This includes for example usage statistics of service functionality such as the total number of ScriptRunner functions used per day. This data is anonymised. Therefore, we cannot identify the end user this data relates to.
188.8.131.52.3 Analytics: We use Google Analytics and Segment.io to allow us to analyse behaviour patterns that ultimately lead to product improvements. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operational Data. Adaptavist only capture the page that is viewed and the referrer along with the tenant identifier. There is additionally individual and organisational data that Google Analytics records, Adaptavist do not intend to use this data.
184.108.40.206.5 Metrics: Application metrics are sent to Datadog for analysis and reporting in order for us to monitor the applications performance. This will include anonymised organisational data but no individual data.
220.127.116.11 Exceptions for Specific Cloud Apps: ScriptRunner for Jira Cloud and ScriptRunner for Confluence Cloud: We store customer scripts and queries (encrypted) inside our own infrastructure hosted on AWS and managed and operated by Adaptavist. There may be a few exceptions where select low-risk ScriptRunner Cloud data is still hosted on Jira Cloud (Atlassian) storage.
20.2 Data Location
Data is stored in the following AWS Regions us-west-2, eu-west-1, us-east-1 & eu-west-2
We encrypt sensitive data at rest in our database using AES-256.
20.4 People and Access
Only Adaptavist Developers or Support Engineers have access to the AWS platform hosting our Cloud Apps. They only have access to the application data to perform system or application support. HTTPS and SSH are the only protocols available to our cloud platform. SSH access is limited to Adaptavist Support Engineers. SSH access is restricted to known trusted internal networks with key-based authentication.
Our platform is micro-service based which is also layered into public and internal/private. Each one of these services is responsible for its own data and provides its own access controls. We will also ship and monitor logs from these micro-services which we alert if abnormal behaviour is detected.
Data stored in our AWS platform for all cloud Apps are backed up every 4 hours with incremental backups. Daily backups of the entire platform are taken every 24 hours.
21 Hosted Apps for Atlassian Cloud Products
If you are using our Hosted Apps for Atlassian Cloud Products, Adaptavist will have access to your Atlassian Product license key and in some cases an administrative login to your account. Access to this information is strictly controlled and will only be used for specific support services such as the initial configuration of your Builder account, routine maintenance such as backups and changes to server configuration and also any bespoke content production or alterations we make upon your request.
In addition, Atlassian will have to retain a copy of your contact details and license key of the Atlassian Products for their own records, along with any correspondence you may have with them directly.
22 Slack Apps
When you install Slack Apps created by Adaptavist into your Slack Workspace, you acknowledge and understand that other users of your Slack Workspace may be able to interact with Adaptavist and as such their personal data may be visible to Adaptavist. Adaptavist does not record, disseminate or share with third parties any personally identifiable data from other users of your Workspace. However, statistical data (such as the number of users in the Slack Workspace) is monitored for the purposes of improving, tracking and developing the software only.
From time to time you may need to contact Adaptavist and, likewise, we may need to contact you. During such communications contact details are generally transferred (either manually or automatically) between both parties.
23.1 When you contact Adaptavist
There are numerous ways to contact us, each of them is listed below.
If you telephone us, our itemized billing will contain a record of your telephone number, the date and time on which you called, the duration of your call and the recipient of your call.
From time to time, telephone calls may be recorded to help us monitor and improve our service to clients.
Most telephone companies provide a dialling prefix that will hide your telephone number should you wish your calls to be more anonymous. For further information, please contact your telephone company.
When you send us an email, it will contain your email address and a list of all servers which the email has passed through to get to our email server.
We now provide online email forms on our website (see Contact section for relevant forms) so that you can insert email messages directly into our key departments. Note, however, that any replies we send and your subsequent correspondence will still be transferred as normal email.
In some cases, we may keep email messages for two years or more.
We make extensive use of our online support system to manage emails regarding general inquiries, sales inquiries and support inquiries.
23.1.3 Online Support Website
When you add a support request (and any subsequent posts to it) to our online support site, your request will be stored against your email address. You will also receive email notifications when adding your support request as well as any replies made to that request.
You can view all information stored against your email address at any time by entering the online support system (usually by clicking the link at the bottom of one of the emails you have received from us) and selecting the “Tickets” or “View Tickets” link.
23.2 When we contact you
Should we contact you (usually as a result of you contacting us first), it may be via post or telephone, as well as by e-mail or SMS messaging. If you do not want us to contact you, or would prefer to only be contacted in a specific manner, please email us your preferences.
Note: We have a strong preference for email communication and will only resort to using other alternatives should emails not get through to you.
If we contact you by telephone, our call logs will show your phone number, call duration and date and time. For legal reasons, we’re unable to delete this information.
If we send correspondence via post, there will usually be a document stored on our computer that was used to print the correspondence.