Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
hiddentrue
namePrivacy policy

This is our privacy policy for all our apps and websites.

This is our privacy policy for all our apps and websites, as of January 29thJune 26th, 2019.

Table of Contents

Atlassian 2023. By using our products:

  • You agree that your information may be used according to the following policy,

  • You agree that your information may be used according to the Security Policy,

  • You agree to the Terms of Use (for cloud products) or to the End-User License Agreement (for downloadable products),

  • You agree that Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.

Contents:

Table of Contents

What information we collect

We mostly gather information through support cases. We also receive information from Atlassian through licenses ("Atlassian-collected end-user data"), Jira support issues, and from Google Analytics which we use our websiteswebsite tracking tools such as Google Analytics, Fullview, or other session-recording tools.

We host data created by users in our Cloud apps.

We don't gather collect any data when apps are installed by the customers on their own server, with the exception of the "feedback job" in Play SQL Base, explained in the table below.

...

We use the information to:

  • Provide the service,

  • Provide support for the software,

  • Explain features and develop engagement about the software,

  • Balance the time we spend improving features which are used the most,

  • We may use information in aggregated form (statistics, etc) for advertising,

  • For accounting purpose, concerning billing information,

  • For legal reasons, to protect the owner, the company, the software or when required by law.

This includes:

  • Customers with a license are added to a mailing list to notify them about features of the product. They can unsubscribe from this mailing list.

What data is collected?

Data collected in the products

Atlassian defines:

  • Atlassian-collected end-user data (basically, the license details)

  • Vendor-collected end-user data, which we've split in 3 categories:

    • Data containing PII,

    • Other collected data, in normal usage (The free data that users create in the application - We only "collect" this data when you use Cloud products),

    • Data collected by the application when sending a support request (only for Requirement Yogi).

Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.

Mode

Product

Status

Framework

Atlassian-collected end-user data (1)

Vendor-collected end-user data (1)

Data containing PII(3)

Vendor-collected end-user data (1)

Other collected data, in normal usage

Vendor-collected end-user data (1)

when submitting a support request through the app

ServerRequirement YogiServer

Cloud

Requirement Yogi

Paid

Atlassian Connect

using Atlassian's official ACSB.

The license subscription information

None

Application data(2) (the requirements, page IDs, page titles, Jira issues)

Cloud

Requirement Yogi for Jira

Paid

The license subscription information

None

None

  • The debug information (database, version of Java, Confluence, PSEA and the database),
  • The errors of the day (stacktrace and error description),
  • The logged-in username, the user's email and their message, which constitutes PII.

Application data(2) (the requirements text, page IDs, page titles, Jira issues)


Server / DC

Requirement Yogi

Paid






Atlassian P2 plugins

The license subscription information

None

None

Server / DC

Requirement Yogi for Jira

Free

None

None

None

None

Server / DC

RY Testing & Compliance

Paid

The license subscription information

None

None

DC

RY-Comala integration

Paid

The license subscription information

None

None

Server / DC

PSEA - Play SQL Export Add-on

Free

None

None

None

None

Server / DC

SEO Manager

Free

None

None

None

NoneServerPlay SQL SpreadsheetsPaidThe license informationSame as Play SQL Base

None

Same as Play SQL BaseServerPlay SQL FormsFreeNoneNoneNoneNoneCloud appsCloudPlay SQL SpreadsheetsPaidThe license informationNone

Application data(2) (spreadsheets).

NoneCloudSQL ConnectorPaidThe license informationNone

Application data(2) (SQL queries, connection tokens to the database).

NoneCloudCYO Create Your OwnRetiredNoneNone

Application data(2) (HTML and Javascript).

Server / DC

Play SQL Base

Free

None

See "feedback job for Play SQL Base" below.

None

  • The debug information (version of Confluence, and Play SQL),
  • The errors of the day (stacktrace and error description),
  • The logged-in username, the user's email and their message, which constitutes PII.

None since 3.1.2(4)

None

Server / DC

Play SQL Spreadsheets

Free

None

None since 3.1.2(4)

None

Server / DC

Play SQL Forms

Free

None

None

None

Server / DC

ReqIF extension for Requirement Yogi

Free

None

None

None

(1) As defined in Atlassian Marketplace Publisher Agreement, section §8.4: Generally the company name, country, address, technical email, licensing email, reseller details, license number, etc.

(2) Free data text may contain PII if users have entered someany.

(3) PII: Personally identifiable information (user names, email, phone number, etc).

...

(4) There used to be a feedback job

...

in Play SQL Base

...

In Play SQL Base and Play SQL Spreadsheets, there is a . This feedback job :

  • The PII in this data is the Server ID and the server's default email.
  • The administrator is requested whether they want to leave in on, during the installation.
  • The administrator can later disable this option, in the "Privacy Policy" tab,
  • The "feedback email" is sent every month to Play SQL, using Confluence's default mail feature,
  • The other contents of the email can be seen in the "Privacy policy" tab,
  • The other contents of the email are: the sender email (which is the default email of the Confluence server), the server ID, the Confluence and Play SQL Spreadsheets versions, the number and type of databases connected to Play SQL, the number of users on the instance, the count of usage of 4 features (queries, parameters, timeout, formulas).

If the administrator has deactivated this feedback job, then no information is sent to Play SQL.

was removed in version 3.1.2 (see the history of this page).

What other data is collected?

  • We have Google Analytics on some of our websites.

    • Google collects data about page views which is returned in a form that is not personally identifiable to us, notably aggregated by location, age, gender or demographic factors.

    • We do not engage in remarketing.

    • We have NOT enabled Advertising features in Google Analytics.

  • We have mailing-lists, managed by MailChimp. Users can opt-in, out-out and manage their subscription by clicking on the link in emails.

  • Users can get support through a Jira Cloud website, which is under Atlassian's privacy policy.

  • Users can get support by email, in which case we manage our emails through FastMail.

How we share information we collect

Play SQL Requirement Yogi is currently a sole-trader company (company type "SASU" in France) with:

  • The founder, Adrien Ragot,

  • If any employee or intern is hired, they sign a contract stating that they are strongly forbidden from leaking any information,

  • Temporary contractors, hired for a specific time or project.

There are special situations where external people may have access to the data:

  • In the situation where the company or one product is sold to a new owner: We sign a mutual NDA before the negotiation. Upon ownership transfer, the new owner takes responsibility for respecting or updating the current licenses and privacy policy.

  • In the situation where someone illegally accesses our systems, we cannot provide control about your data,

  • In the situation where we are compelled by law to provide this information, we cannot provide control about your data.

Here is what we allow:

Information

Founder

Employees under confidentiality agreement

Contractors

Accountant

Billing

Yes

No

No

Yes

Application Data

Yes

Yes

Yes

No

Web Analytics

Yes

Yes

No

No

Support

Yes

Yes

No

No

How we host and transfer data internationally

...

We try to delete data as early as possible, except for backups which we keep a little longer. 

License information

License information is provided to us by Atlassian every time we need it.

If Atlassian starts limiting the history, then we will store it for up to 2 years, mainly for accounting purposes.

User-created data in our Cloud apps

We delete data from the active databases as soon as the addon is

uninstalled.We have kept data from

uninstalled

customers by mistake in the past, which we are in the process of deleting at the time of writing this document, which will occur before February 28th, 2019

.

We keep a backup of customer data for up to 2 months.

...

Subprocessors, where we keep information

...

, how it is transferred internationally
Anchor
our_providers
our_providers
Anchor
subprocessors
subprocessors

Our products are generally hosted by Amazon AWS and Digital Ocean, except our website which is managed by OVH, France. The computers we use to create software and access your information are located in France.

Data

Type

Product

Where it is hosted

Link

Data Processing Addenum

Implementation date

Data from Cloud products

Play SQL SpreadsheetsDigital Ocean, Amsterdam, Netherlands

Requirement Yogi

Amazon AWS

https://

www

aws.

digitalocean

amazon.com/

legal

service-terms/

(tick) Part 1.14 of their ToS

CloudSQL ConnectorDigital Ocean, Amsterdam, NetherlandsCloudCYO Create Your OwnDigital Ocean, Amsterdam, NetherlandsCloudBackupsDigital Ocean, Amsterdam, NetherlandsMailChimp,

Pre-2022

Web

Our website

OVH, France

https://www.ovh.com/fr/protection-donnees-personnelles/

(tick) Part 2 of their ToS

Mailing listsAll

Pre-2022

Web

Cloudflare

USA

https://www.cloudflare.com/cloudflare-customer-dpa/

(tick) DPA CloudFlare

2023

Web

Google Analytics 4

Europe

https://support.google.com/analytics/answer/12017362?hl=en

Data is stored in Europe

2023

Web

Google Tag Manager

Google Ads

Europe

https://support.google.com/tagmanager/answer/9323295?hl=en

(tick) DPA for GTM and Google Ads

2023

Web

Fullview

Europe

https://www.fullview.io/extras/privacy

Data is stored in Europe

2023

Support data

Slack

USA

https://

mailchimp

slack.com/

legal

trust/privacy/

(tick) Signed (2019-01-29 MailChimp DPA.pdf)

privacy-policy

(tick) DPA for Slackg

Support data

Jira and Confluence

Europe

-

-

-

Mailing lists

Hubspot

USA

https://legal.hubspot.com/privacy-policy

(tick) DPA for HubSpot

2023

Mailing lists

Mailchimp

Not used anymore since 2023.

Email

Fastmail

Fastmail, Australia / USA.

https://www.fastmail.com/help/ourservice/security.html

(tick) Part of their ToS

Pre-2022

Administrative documents

Encrypted backups of our administrative documents, invoices, work documents.

SpiderOak, USA

https://spideroak.support/hc/en-us/articles/360002173891-GDPR-and-SpiderOak

(tick) 2019-10-24 SpiderOak DPA.pdf

Pre-2022

Desktop

Our computers, our company, etc.

Encrypted laptops, desktops and

desktops, France

hard drives,

Carried by our employees and consultants.

-

...


Pre-2022

How to access and control your information

You have a right to access the personal information we collect and correct it. Most of the processes are automated:

  • Concerning the "feedback job" of Play SQL Spreadsheets, you can disable it in the "Privacy Policy" tab of your add-on,

  • Concerning the data that is sent for support cases, you are notified and you can send an email manually to us,

  • Concerning the free data that you create in the Cloud apps, you can edit it in the application.

  • Concerning backups, our Cloud products contain a "Backup" page which can be used to export your data.

Architecture and specific information for Requirement Yogi Cloud (Confluence and Jira) 
Anchor
specific_information
specific_information

Accurate on February 15th, 2022:

  • The app is deployed on Amazon AWS,

  • This app is integrated with Atlassian using the Atlassian Connect Spring Boot framework. It is not an Atlassian Forge product. It means, when the user interacts with Atlassian Confluence and Jira where the app is installed, Atlassian notifies the app of changes, the app downloads the relevant information, extracts the necessary information and stores it in AWS.

  • The app is deployed in EC2 in the AWS Region eu-west-1 (Ireland),

  • The data is stored in AWS RDS Aurora Postgres, with encryption enabled, in the same AWS Region.

  • The network allowing access to the database is a private subnet, and there is no direct route from the worldwide internet to the database itself,

  • The logs are stored in AWS CloudWatch using the default encryption,

  • The change events are stored in AWS CloudTrail,

  • Employees under confidentiality agreement can access the live data in the database, the live servers, and the backups.

This information is subject to change in case of architectural change: if we decide to migrate the app to another provider, or if we decide to change databases inside of AWS, or if we decide to add/remove availability zones, or if we decide of another architecture. In any case, we will ensure that the data is encrypted at rest.

The data that the app stores is subject to constant changes depending on features we develop. For the moment, the data is:

  • The key and body of requirements,

  • The keys and titles of Jira issues,

  • The page IDs, and sometimes the page titles and page body, specifically if there is an error and the support might need to investigate,

  • Data which the users create in the app, notably reports they create, transformation templates, etc.,

  • The userKey associated with changes, which is an anonymized identifier provided to us by Atlassian,

  • The clientKey, which is the key of the instance, and its URL,

  • License information provided by Atlassian,

  • We only retrieve information made accessible to us by Atlassian or edit information that Atlassian allows us to, and we don't recoup this information with other sources.

Contact

If any process is not automated or you do not know how to exercise your rights, you may exercise them by contacting Adrien Ragot at:

Email

gdpr@play

gdpr@r-

sql

yogi.com

Mail

Requirement Yogi - Responsable GDPR

Play SQL

77 rue Maurice Flandin

69003 Lyon

535 route des Lucioles

Les Aqueducs B3

06560 Sophia Antipolis

France

How we update this policy

We may update this policy without notice, for the purposes of being more specific, reflecting a new practice or complying to legal requirements.

Change log:

  • October 17th, 2023: Added Fullview, Google Tag Manager, Google Analytics 4,

  • February 15th, 2022: Added Amazon AWS and Requirement Yogi Cloud, and removed cloud products which have been shut down. Added a specific section for Requirement Yogi Cloud.

  • October 2nd, 2019: Added SpiderOak for our backups; Reflected the removal of support-requests-through-the-app features.

  • January 29th,

    2018

    2019: Rewrite, to comply with Atlassian's request for updated policies, to have one policy for all products, to be specific on the location of your data, and to reflect up-to-date information.

  • September 11th, 2015: Add sections "What data we have", "Who accesses the data", "How we keep our servers secure", "How you can opt out" - see page history.

  • November 11th, 2013: Rewrite, to go from generic statements to specific ones.

  • October 2nd, 2013: Original version.

Application

Our Privacy Policy applies to all of the websites and software offered by us. It excludes services offered by Atlassian or any other provider.

...