Data and Security Statement - Jira

Owned by Ian Bradley
Jun 15, 2024
2 min read

1st June 2024

 Overview

This is a data security and privacy statement for Metricus Jira Applications, including Workflow Analytics and Workflow Optimizer.  This statement applies to both cloud and data center versions of the applications.

 Permissions Scope

The applications require the following permissions;

read:jira-work

required to read issue data

storage:app

required to store the data model and activity entities

read:group:jira

required by the admin component of the applications (within Manage Apps) to read the existing groups in your Jira instance

read:jira-user

required by the admin component of the applications (within Manage Apps) to read the existing users in your Jira instance

external:fetch:client

If the option to save the event log is selected in the Admin component of the application, then the event log data is sent via a Rest API at process-optimizer-jira.metricus.com

Data Storage

If the option to save the event log IS NOT selected in the Admin component of the application, then no data is transferred outside of your Jira instance as Workflow Analytics and Workflow Optimizer are client React applications

If the option to save the event log IS selected in the Admin component of the application, the event log data consisting of the following:

  • History related to the activity selected, this includes the person ID associated with the history entry

  • Issue #, create time and close time

  • The Issue attributes selected for the data model

is encrypted and compressed, and saved to a MySQL database server in the Western Europe Azure Zone. The encryption algorithm uses a UUID generated and stored via the Storage API within your Jira instance.   This ensures that it is not possible for Metricus to know what Jira instance a record in the Event Log table relates to, nor is it possible for Metricus to decrypt any data.

The Rest API end point is that manages the MySQL connection is  https://process-optimizer-jira.metricus.com 

Data Retention

Any event log data saved is deleted when the application is uninstalled

Anonymization

Anonymization of person data is available in a data model by selecting the ‘Anonymize User Data’ option. This will randomly allocate a user name to ‘Person x’ in the client

Hosting

The MySQL database is located in the Western Europe Azure Zone