Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

This is our privacy policy for all our apps and websites, as of January 29th, 2019.

Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.

What information we collect

We mostly gather information through support cases. We also receive information from Atlassian through licenses ("Atlassian-collected end-user data"), Jira support issues, and from Google Analytics which we use our websites.

We host data created by users in our Cloud apps.

We don't gather any data when apps are installed by the customers on their own server, with the exception of the "feedback job" in Play SQL Base, explained in the table below.

How we use information we collect

We use the information to:

  • Provide the service,
  • Provide support for the software,
  • Explain features and develop engagement about the software,
  • Balance the time we spend improving features which are used the most,
  • We may use information in aggregated form (statistics, etc) for advertising,
  • For accounting purpose, concerning billing information,
  • For legal reasons, to protect the owner, the company, the software or when required by law.

This includes:

  • Customers with a license are added to a mailing list to notify them about features of the product. They can unsubscribe from this mailing list.

What data is collected?

Data collected in the products

Atlassian defines:

  • Atlassian-collected end-user data (basically, the license details)
  • Vendor-collected end-user data, which we've split in 3 categories:
    • Data containing PII,
    • Other collected data, in normal usage (The free data that users create in the application - We only "collect" this data when you use Cloud products),
    • Data collected by the application when sending a support request (only for Requirement Yogi).

Atlassian is not responsible for the privacy, security or integrity of Vendor-Collected End User Data.

ModeProductStatusAtlassian-collected end-user data (1)

Vendor-collected end-user data (1)

containing PII(3)

Vendor-collected end-user data (1)

Other collected data, in normal usage

Vendor-collected end-user data (1)

when submitting a support request through the app

Server

Requirement Yogi

PaidThe license informationNone

None

  • The debug information (database, version of Java, Confluence, PSEA and the database),
  • The errors of the day (stacktrace and error description),
  • The logged-in username, the user's email and their message, which constitutes PII.
ServerRequirement Yogi for JiraFreeNoneNoneNoneNone
ServerRY Testing & CompliancePaidThe license informationNoneNoneNone
ServerPSEA - Play SQL Export Add-onFreeNoneNoneNoneNone
ServerSEO ManagerFreeNoneNoneNoneNone
Server

Play SQL Base

FreeNone

See "feedback job for Play SQL Base" below.

None

  • The debug information (version of Confluence, and Play SQL),
  • The errors of the day (stacktrace and error description),
  • The logged-in username, the user's email and their message, which constitutes PII.
ServerPlay SQL SpreadsheetsPaidThe license informationSame as Play SQL Base

None

Same as Play SQL Base
ServerPlay SQL FormsFreeNoneNoneNoneNone
Cloud apps
CloudPlay SQL SpreadsheetsPaidThe license informationNone

Application data(2) (spreadsheets).

None
CloudSQL ConnectorPaidThe license informationNone

Application data(2) (SQL queries, connection tokens to the database).

None
CloudCYO Create Your OwnRetiredNoneNone

Application data(2) (HTML and Javascript).

None

(1) As defined in Atlassian Marketplace Publisher Agreement, section §8.4

(2) Free data may contain PII if users have entered some.

(3) PII: Personally identifiable information (user names, email, phone number, etc).

The feedback job for Play SQL Base

In Play SQL Base and Play SQL Spreadsheets, there is a feedback job:

  • The PII in this data is the Server ID and the server's default email.
  • The administrator is requested whether they want to leave in on, during the installation.
  • The administrator can later disable this option, in the "Privacy Policy" tab,
  • The "feedback email" is sent every month to Play SQL, using Confluence's default mail feature,
  • The other contents of the email can be seen in the "Privacy policy" tab,
  • The other contents of the email are: the sender email (which is the default email of the Confluence server), the server ID, the Confluence and Play SQL Spreadsheets versions, the number and type of databases connected to Play SQL, the number of users on the instance, the count of usage of 4 features (queries, parameters, timeout, formulas).

If the administrator has deactivated this feedback job, then no information is sent to Play SQL.

What other data is collected?

  • We have Google Analytics on our websites.
    • Google collects data about page views which is returned in a form that is not personally identifiable to us, notably aggregated by location, age, gender or demographic factors.
    • We do not engage in remarketing.
    • We have NOT enabled Advertising features in Google Analytics.
  • We have mailing-lists, managed by MailChimp. Users can opt-in, out-out and manage their subscription by clicking on the link in emails.
  • Users can get support through a Jira Cloud website, which is under Atlassian's privacy policy.
  • Users can get support by email, in which case we manage our emails through FastMail.

How we share information we collect

Play SQL is currently a sole-trader company (company type "SASU" in France) with:

  • The founder, Adrien Ragot,
  • If any employee or intern is hired, they sign a contract stating that they are strongly forbidden from leaking any information,
  • Temporary contractors, hired for a specific time or project.

There are special situations where external people may have access to the data:

  • In the situation where the company or one product is sold to a new owner: We sign a mutual NDA before the negotiation. Upon ownership transfer, the new owner takes responsibility for respecting the current licenses and privacy policy.
  • In the situation where someone illegally accesses our systems, we cannot provide control about your data,
  • In the situation where we are compelled by law to provide this information, we cannot provide control about your data.

Here is what we allow:

InformationFounderEmployees under confidentiality agreementContractorsAccountant
BillingYesNoNoYes
Application DataYesYesYesNo
Web AnalyticsYesYesNoNo
SupportYesYesNoNo

How we host and transfer data internationally

Security

Please see our Security Policy.

How long we keep information

We try to delete data as early as possible, except for backups which we keep a little longer. 

License information

License information is provided to us by Atlassian every time we need it.

If Atlassian starts limiting the history, then we will store it for up to 2 years, mainly for accounting purposes.

User-created data in our Cloud apps

We delete data from the active databases as soon as the addon is uninstalled.

We have kept data from uninstalled customers by mistake in the past, which we are in the process of deleting at the time of writing this document, which will occur before February 28th, 2019.

We keep a backup of customer data for 2 months.

Our providers, where we keep information and how it is transferred internationally

Our products are generally hosted by Digital Ocean, except our website which is managed by OVH, France. The computers we use to create software and access your information are located in France.

DataProductWhere it is hostedLinkData Processing Addenum
CloudPlay SQL SpreadsheetsDigital Ocean, Amsterdam, Netherlandshttps://www.digitalocean.com/legal/(tick) Part of their ToS
CloudSQL ConnectorDigital Ocean, Amsterdam, Netherlands
CloudCYO Create Your OwnDigital Ocean, Amsterdam, Netherlands
CloudBackupsDigital Ocean, Amsterdam, Netherlands
WebOur websiteOVH, Francehttps://www.ovh.com/fr/protection-donnees-personnelles/(tick) Part 2 of their ToS
Mailing listsAllMailChimp, USA

https://mailchimp.com/legal/privacy/

EmailFastmailFastmail, Australia / USA.https://www.fastmail.com/help/ourservice/security.html

(tick) Part of their ToS

DesktopOur computers, our company, etc.Encrypted laptops and desktops, France.-

We plan to use Amazon Web Services in the future for several of those services.

How to access and control your information

You have a right to access the personal information we collect and correct it. Most of the processes are automated:

  • Concerning the "feedback job" of Play SQL Spreadsheets, you can disable it in the "Privacy Policy" tab of your add-on,
  • Concerning the data that is sent for support cases, you are notified and you can send an email manually to us,
  • Concerning the free data that you create in the Cloud apps, you can edit it in the application.
  • Concerning backups, our Cloud products contain a "Backup" page which can be used to export your data.

If any process is not automated or you do not know how to exercise your rights, you may exercise them by contacting Adrien Ragot at:

Emailgdpr@play-sql.com
Mail

Responsable GDPR

Play SQL

77 rue Maurice Flandin

69003 Lyon

France

How we update this policy

We may update this policy without notice, for the purposes of being more specific, reflecting a new practice or complying to legal requirements.

Change log:

  • January 29th, 2018: Rewrite, to comply with Atlassian's request for updated policies, to have one policy for all products, to be specific on the location of your data, and to reflect up-to-date information.
  • September 11th, 2015: Add sections "What data we have", "Who accesses the data", "How we keep our servers secure", "How you can opt out" - see page history.
  • November 11th, 2013: Rewrite, to go from generic statements to specific ones.
  • October 2nd, 2013: Original version.

Application

Our Privacy Policy applies to all of the websites and software offered by us. It excludes services offered by Atlassian or any other provider.

When we receive formal written complaints, we contact the person who made the complaint to follow up. In case of dispute, we seek the best amicable resolution. We may work with appropriate regulatory authorities to resolve complaints. The privacy policy is governed by the laws of France, and, subject to the following sentence, in case of dispute, the parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of Lyon, France.



  • No labels