I would like to pursue the Play SQL development as far as my users need. I meet two kinds of hurdles in this quest:
I often have to meet banks, formal institutions and stakeholders which are important to this development. In fact, they are so important they have have the power of go/no go on many administrative aspects of this project. Therefore it is required that I spend hours, day and months to convince them. They ask: “How many users do you have?” The Atlassian Marketplace figures cannot answer this question. They ask: “How many active users do you have?” It is required that I spend time gathering such figures.
The other kind of hurdle is about choosing features. Some features take a long time to support and I should carefully choose what I spend my time at. I need to measure which ones are effectively used and which ones to focus on.
Hence I’ve built in some usage data reporting. This privacy policy will detail the extent and use of this reporting and all other personal information we may collect. You can see them in the add-on itself: In your Confluence instance, click the Help button, then Play SQL.
Information we collect
We collect information to provice better services to all of our users. We collect information in several ways:
Information you give us.
For example, you provide information to Atlassian about the name of your company, the number of users, the add-on you’ve installed and its version. Atlassian makes some of this information accessible to us, which we download and use. Another example is information you give us for technical support, such as the email and user you send from, the date, and the information you send along. You may provide information by subscribing our blogs, mailing list or social network.
Information we get from your use of our software.
We may collect information about the features you use and how you use them. This information includes:
- Number of users
- Confluence version
- Add-on versions
- Types of connections you have configured (driver, read-only or read-write)
- Number of queries or tables you have
- Number of queries you’ve modified in the last month
- Usage of the extra features on the queries or tables
- Number of datasources and administrators
- The Server ID
The information above is reported monthly by e-mail. It is possible to deactivate reporting by deactivating the monthly job.There is other information which we store or which you produce by a side-effect of using our software, such as:
Local storage: We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Cookies and anonymous identifiers: The software we use may use various technologies to collect and store information when you visit our websites, and this may include sending one or more cookies or anonymous identifiers to your device.
How we use information we collect
We use the information we collect to provide support, maintain, protect and improve our software, and to develop new software. We also use aggregations and visual representations of this information to inform trusted partners, providers and customers about our software and our business.
When you contact us, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
We process personal information on our servers in several countries around the world. We may process your personal information on a server located outside the country where you live.
Transparency and choice
People have different privacy concerns. Our goal is to be clear about what information we collect, so you can make meaningful choices about how it is used. For example, you can:
- Communicate with Atlassian to check, review or edit some of the information they have about use and that they forward to us.
- Review the information which is sent by the add-on to us.
- Choose to uninstall the add-on or the product.
- Choose to set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being sent by us. However, it’s important to remember that our websites may not work properly if you cookies are disables.
Accessing and updating your personal information
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. We may also request proofs of the information you provide and reject requests if the information is wrong or can’t be proven.
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Information we share
We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:
With your consentWe will share personal information with companies, organizations or individuals outside of us when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
For external processing or transfer
We provide information to our affiliates or other trusted businesses or persons to process or transfer it for us. For example, some information may be stored and processed by Google and communicated using regular Internet communication channels and protocols.
With third-parties
- The documentation website uses Google Analytics based on Display Advertising (including Google Analytics Demographics and Interest Reporting).
- Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
For legal reasons
We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process or governmental request;
- Enforce applicable Terms of Service or EULA, including investigation of potential violations;
- Detect, prevent or otherwise address fraud, security or technical issues, protect against harm to our rights, property, benefits or safety.
Aggregated, non-personally identifiable information
We may share aggregated, non-personally identifiable information publicly and with our partners – like banks, funding companies or individuals, advertisers or connect sites. For example, we may share information publicly to show trends about the general use of our services.
If we are involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
Information security
We intend to offer the best security information about your use of our software. In particular:
...
| Excerpt | ||||
|---|---|---|---|---|
| ||||
This is our privacy policy for all our apps and websites. |
This is our privacy policy for all our apps and websites, as of June 26th, 2023. By using our products:
You agree that your information may be used according to the following policy,
You agree that your information may be used according to the Security Policy,
You agree to the Terms of Use (for cloud products) or to the End-User License Agreement (for downloadable products),
You agree that Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.
Contents:
| Table of Contents |
|---|
What information we collect
We gather information through support cases. We also receive information from Atlassian through licenses ("Atlassian-collected end-user data"), Jira support issues, and from website tracking tools such as Google Analytics, Fullview, or other session-recording tools.
We host data created by users in our Cloud apps.
We don't collect any data when apps are installed by the customers on their own server, with the exception of the "feedback job" in Play SQL Base, explained in the table below.
How we use information we collect
We use the information to:
Provide the service,
Provide support for the software,
Explain features and develop engagement about the software,
Balance the time we spend improving features which are used the most,
We may use information in aggregated form (statistics, etc) for advertising,
For accounting purpose, concerning billing information,
For legal reasons, to protect the owner, the company, the software or when required by law.
This includes:
Customers with a license are added to a mailing list to notify them about features of the product. They can unsubscribe from this mailing list.
What data is collected?
Data collected in the products
Atlassian defines:
Atlassian-collected end-user data (basically, the license details)
Vendor-collected end-user data, which we've split in 3 categories:
Data containing PII,
Other collected data, in normal usage (The free data that users create in the application - We only "collect" this data when you use Cloud products),
Data collected by the application when sending a support request (only for Requirement Yogi).
Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.
Mode | Product | Status | Framework | Atlassian-collected end-user data (1) | Vendor-collected end-user data (1) | |
|---|---|---|---|---|---|---|
Data containing PII(3) | Other collected data, in normal usage | |||||
Cloud | Requirement Yogi | Paid | Atlassian Connect using Atlassian's official ACSB. | The license subscription information | None | Application data(2) (the requirements, page IDs, page titles, Jira issues) |
Cloud | Requirement Yogi for Jira | Paid | The license subscription information | None | Application data(2) (the requirements text, page IDs, page titles, Jira issues) | |
Server / DC | Requirement Yogi | Paid | Atlassian P2 plugins | The license subscription information | None | None |
Server / DC | Requirement Yogi for Jira | Free | None | None | None | |
Server / DC | RY Testing & Compliance | Paid | The license subscription information | None | None | |
DC | RY-Comala integration | Paid | The license subscription information | None | None | |
Server / DC | PSEA - Play SQL Export Add-on | Free | None | None | None | |
Server / DC | SEO Manager | Free | None | None | None | |
Server / DC | Play SQL Base | Free | None | None since 3.1.2(4) | None | |
Server / DC | Play SQL Spreadsheets | Free | None | None since 3.1.2(4) | None | |
Server / DC | Play SQL Forms | Free | None | None | None | |
Server / DC | ReqIF extension for Requirement Yogi | Free | None | None | None | |
(1) As defined in Atlassian Marketplace Publisher Agreement, section §8.4: Generally the company name, country, address, technical email, licensing email, reseller details, license number, etc.
(2) Free text may contain PII if users have entered any.
(3) PII: Personally identifiable information (user names, email, phone number, etc).
(4) There used to be a feedback job in Play SQL Base and Play SQL Spreadsheets. This feedback job was removed in version 3.1.2 (see the history of this page).
What other data is collected?
We have Google Analytics on some of our websites.
Google collects data about page views which is returned in a form that is not personally identifiable to us, notably aggregated by location, age, gender or demographic factors.
We do not engage in remarketing.
We have NOT enabled Advertising features in Google Analytics.
We have mailing-lists, managed by MailChimp. Users can opt-in, out-out and manage their subscription by clicking on the link in emails.
Users can get support through a Jira Cloud website, which is under Atlassian's privacy policy.
Users can get support by email, in which case we manage our emails through FastMail.
How we share information we collect
Requirement Yogi is currently a sole-trader company (company type "SASU" in France) with:
The founder, Adrien Ragot,
If any employee or intern is hired, they sign a contract stating that they are strongly forbidden from leaking any information,
Temporary contractors, hired for a specific time or project.
There are special situations where external people may have access to the data:
In the situation where the company or one product is sold to a new owner: We sign a mutual NDA before the negotiation. Upon ownership transfer, the new owner takes responsibility for respecting or updating the current licenses and privacy policy.
In the situation where someone illegally accesses our systems, we cannot provide control about your data,
In the situation where we are compelled by law to provide this information, we cannot provide control about your data.
Here is what we allow:
Information | Founder | Employees under confidentiality agreement | Contractors | Accountant |
|---|---|---|---|---|
Billing | Yes | No | No | Yes |
Application Data | Yes | Yes | Yes | No |
Web Analytics | Yes | Yes | No | No |
Support | Yes | Yes | No | No |
How we host and transfer data internationally
Security
Please see our Security Policy.
How long we keep information
We try to delete data as early as possible, except for backups which we keep a little longer.
License information | License information is provided to us by Atlassian every time we need it. If Atlassian starts limiting the history, then we will store it for up to 2 years, mainly for accounting purposes. |
|---|---|
User-created data in our Cloud apps | We delete data from the active databases as soon as the addon is uninstalled. We keep a backup of customer data for up to 2 months. |
Subprocessors, where we keep information, how it is transferred internationally
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
Our products are generally hosted by Amazon AWS and Digital Ocean, except our website which is managed by OVH, France. The computers we use to create software and access your information are located in France.
Type | Product | Where it is hosted | Link | Data Processing Addenum | Implementation date |
|---|---|---|---|---|---|
Data from Cloud products | Requirement Yogi | Amazon AWS |
| Pre-2022 | |
Web | Our website | OVH, France | Pre-2022 | ||
Web | Cloudflare | USA | 2023 | ||
Web | Google Analytics 4 | Europe | Data is stored in Europe | 2023 | |
Web | Google Tag Manager Google Ads | Europe | 2023 | ||
Web | Fullview | Europe | Data is stored in Europe | 2023 | |
Support data | Slack | USA | |||
Support data | Jira and Confluence | Europe | - | - | - |
Mailing lists | Hubspot | USA | 2023 | ||
Mailing lists | Mailchimp | Not used anymore since 2023. | |||
Fastmail | Fastmail, Australia / USA. | Pre-2022 | |||
Administrative documents | Encrypted backups of our administrative documents, invoices, work documents. | SpiderOak, USA | https://spideroak.support/hc/en-us/articles/360002173891-GDPR-and-SpiderOak | Pre-2022 | |
Desktop | Our computers, our company, etc. | Encrypted laptops, desktops and hard drives, Carried by our employees and consultants. | Pre-2022 | ||
How to access and control your information
You have a right to access the personal information we collect and correct it. Most of the processes are automated:
Concerning the "feedback job" of Play SQL Spreadsheets, you can disable it in the "Privacy Policy" tab of your add-on,
Concerning the data that is sent for support cases, you are notified and you can send an email manually to us,
Concerning the free data that you create in the Cloud apps, you can edit it in the application.
Concerning backups, our Cloud products contain a "Backup" page which can be used to export your data.
Architecture and specific information for Requirement Yogi Cloud (Confluence and Jira)
| Anchor | ||||
|---|---|---|---|---|
|
Accurate on February 15th, 2022:
The app is deployed on Amazon AWS,
This app is integrated with Atlassian using the Atlassian Connect Spring Boot framework. It is not an Atlassian Forge product. It means, when the user interacts with Atlassian Confluence and Jira where the app is installed, Atlassian notifies the app of changes, the app downloads the relevant information, extracts the necessary information and stores it in AWS.
The app is deployed in EC2 in the AWS Region eu-west-1 (Ireland),
The data is stored in AWS RDS Aurora Postgres, with encryption enabled, in the same AWS Region.
The network allowing access to the database is a private subnet, and there is no direct route from the worldwide internet to the database itself,
The logs are stored in AWS CloudWatch using the default encryption,
The change events are stored in AWS CloudTrail,
Employees under confidentiality agreement can access the live data in the database, the live servers, and the backups.
This information is subject to change in case of architectural change: if we decide to migrate the app to another provider, or if we decide to change databases inside of AWS, or if we decide to add/remove availability zones, or if we decide of another architecture. In any case, we will ensure that the data is encrypted at rest.
The data that the app stores is subject to constant changes depending on features we develop. For the moment, the data is:
The key and body of requirements,
The keys and titles of Jira issues,
The page IDs, and sometimes the page titles and page body, specifically if there is an error and the support might need to investigate,
Data which the users create in the app, notably reports they create, transformation templates, etc.,
The userKey associated with changes, which is an anonymized identifier provided to us by Atlassian,
The clientKey, which is the key of the instance, and its URL,
License information provided by Atlassian,
We only retrieve information made accessible to us by Atlassian or edit information that Atlassian allows us to, and we don't recoup this information with other sources.
Contact
If any process is not automated or you do not know how to exercise your rights, you may exercise them by contacting Adrien Ragot at:
Requirement Yogi - Responsable GDPR 535 route des Lucioles Les Aqueducs B3 06560 Sophia Antipolis France |
How we update this policy
We may update this policy without notice, for the purposes of being more specific, reflecting a new practice or complying to legal requirements.
Change log:
October 17th, 2023: Added Fullview, Google Tag Manager, Google Analytics 4,
February 15th, 2022: Added Amazon AWS and Requirement Yogi Cloud, and removed cloud products which have been shut down. Added a specific section for Requirement Yogi Cloud.
October 2nd, 2019: Added SpiderOak for our backups; Reflected the removal of support-requests-through-the-app features.
January 29th, 2019: Rewrite, to comply with Atlassian's request for updated policies, to have one policy for all products, to be specific on the location of your data, and to reflect up-to-date information.
September 11th, 2015: Add sections "What data we have", "Who accesses the data", "How we keep our servers secure", "How you can opt out" - see page history.
November 11th, 2013: Rewrite, to go from generic statements to specific ones.
October 2nd, 2013: Original version.
Application
Our Privacy Policy applies to all of the websites and software offered by us and our affiliates, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. It excludes services offered by Atlassian or any other provider.
When we receive formal written complaints, we contact the person who made the complaint to follow up. In case of dispute, we seek the best amicable resolution. We may work with appropriate regulatory authorities to resolve complaints.Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page The privacy policy is governed by the laws of France, and, subject to the following sentence, in case of dispute, the parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of Lyon, France.