Data Security Statement


Effective starting: March 15, 2022

Data Security and Privacy Statement - K15t GmbH

Protecting your data and your privacy is a high priority and is very important to us. K15t adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information "Personal Data").

This privacy statement is accompanied by the Data Processing Addendum.

Overview

K15t provides hosted services ("Cloud Apps") for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework ("Atlassian Connect"). Cloud Apps can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing.

K15t also provides downloadable products ("Server Apps") for Atlassian Server and Data Center Products, which are installed on the client's IT-systems. Server Apps can be identified by the "Server" or “Data Center” categories in the corresponding Atlassian Marketplace listing.

This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for both Cloud and Server Apps.

In the following all data created by an Atlassian Cloud or Server Product end user and stored within the Atlassian Product are defined as "Customer Data".

Data Security

We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are updated from time to time in order to remain state-of-the-art. If you are interested in our data security concept, please contact us.

Cloud Apps

Data Storage

Unless otherwise stated below our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.

Exceptions applying to all Cloud Apps:

  • Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance. This includes for example AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId. Account Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

  • Session Data: Our Cloud Apps store data that results from the customer's use of the service and is distinguished from Customer Uploaded Data. This includes for example usage statistics of service functionality such as the total number of exports per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operation Data.

  • Support Data: Our Cloud Apps may offer a problem report functionality which can be triggered in the respective Apps. If a Cloud App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (e.g. Account Data, Operation Data, Customer Uploaded Data) from our systems and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the same data location that executed the operation, but also downloaded to our own IT-system by a member of our support team. The data is usually deleted as soon as it is no longer required for providing the service, but at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

  • Real-time Error Tracking Data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.

  • Product Analytics Data: Our Cloud Apps track user behavior to allow better product decisions based on these insights. This includes for example usage of service features such as how often certain features are used and how they are used. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service.

Exceptions applying to specific Cloud Apps:

Scroll Word Exporter, Scroll PDF Exporter, Scroll HTML Exporter:

  • Operation Data: Our Cloud Apps temporarily store Customer Data which is required for the operation of the service. All temporary data is usually deleted as soon as it is no longer required for providing the service, at the latest after 72 hours. Such data for example includes license information for the installed App, spaces, pages, attachments, users, projects, issues, comments, and corresponding metadata. On top of temporary data the apps also generate log files. These may contain page titles, content URLs, and error messages and are deleted after 14 days.

  • Customer Uploaded Data: Our Cloud Apps store data created with and for the Cloud Apps and stored within the Cloud Apps by customer using its user interface. This includes for example the configuration of the Cloud Apps, templates (word documents, pdf styling rules) and metadata managed by the Cloud Apps. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

Scroll Documents:

  • Operation Data: Our Cloud App temporarily stores Customer Data which is required for the operation of the service. All temporary data is usually deleted as soon as it is no longer required for providing the service, at the latest after 90 days. Such data for example includes license information for the installed App, spaces, pages, attachments, users, projects, issues, comments, and corresponding metadata.

Scroll Viewport:

  • Operation Data: Our Cloud App stores Customer Data which is required for the operation of the service. The content of the website generated by the app is stored for the duration of the licensed usage of the Cloud app, unless the website is deleted by the customer through the UI or the customer unsubscribed from the service (see below section "End of Subscription"). In the latter case the Operation Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

  • Customer Uploaded Data: Our Cloud App stores data created with and for the Cloud App and stored within the Cloud App by customer using its user interface. This includes for example the configuration of the Cloud App, configuration of the integration and metadata managed by the Cloud App. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

Backbone Issue Sync for Jira:

  • Operation Data: Our Cloud App temporarily stores Customer Data which is required for the operation of the service. All temporary data is usually deleted as soon as it is no longer required for providing the service, at the latest when the integration is deleted or 180 days after the customer unsubscribed from the service (see below section "End of Subscription"). Such data for example includes license information for the installed App, projects, configurations, issues, attachments, users, comments, and corresponding metadata.

  • Customer Uploaded Data: Our Cloud App stores data created with and for the Cloud App and stored within the Cloud App by customer using its user interface. This includes for example the configuration of the Cloud App, configuration of the integration and metadata managed by the Cloud App. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").

Data Location

Data location depends on the data residency location chosen by your administrators.

We currently provide data residency support for these locations:

  • Oregon, USA - when using the ‘USA’ location

  • Frankfurt, Germany - when using the ‘German’ or ‘Europe’ locations

Not all of our Cloud apps may support all locations. If an app does not support data residency at all then it is located in Oregon, USA.

Access to Customer Data

Only authorized K15t employees and sub-processors from our support and development teams have access to Customer Data. Such sub-processors are contractually bound to the same data security and privacy standards that apply to us.

Sub-processors

Our sub-processors are:

  • ActiveCampaign, Inc., Chicago, USA: We use ActiveCampaign to send informational email when you evaluate or buy a new app. The ActiveCampaign privacy policy can be found here.

  • Amazon Web Services, Inc., Seattle, USA: Our Cloud Apps are hosted on Amazon Web Services (AWS) cloud services in the datacenters mentioned above in the section ‘Data Location’. The AWS privacy statement can be found here.

  • Amplitude, Inc., San Francisco, USA: We use Amplitude to visualize and analyze how our apps are used. The Amplitude privacy statement can be found here.

  • Atlassian Corporation Plc, London, UK: We use Jira Service Management from Atlassian for the creation, tracking and administration of support tickets, Jira Software Cloud for tracking software development and task management, and Atlassian Confluence Cloud for the internal documentation of customer use cases. The Atlassian privacy statement can be found here.

  • Google Cloud EMEA Limited, Dublin, Ireland: We use Google Gmail for sending and receiving emails. This includes incoming and outgoing emails to and from K15t email lists, personal mailboxes, emails for support issues or transactional emails to inform about licenses. We use Google Drive for transferring files in our support process. The Google Cloud privacy statement can be found here.

  • Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of our Cloud Apps' resources executed in the end users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.

  • Segment.io, Inc, San Francisco, USA: We use Segment to collect data on how our apps are used. The Segment privacy statement can be found here.

End of subscription

If a customer unsubscribes from our Cloud App, we mark stored Customer Data for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However, the customer can contact us to ask for an earlier deletion.

Data Center Apps

Data Storage

Unless otherwise stated below our Server Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Server Product.

Exceptions applying to all Server Apps:

  • Support Data: Our Server Apps may offer a problem report functionality which can be triggered in the respective Apps. If a Server App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data ("Support ZIP") from the customers' system and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the support system, but also downloaded to our own IT-system by a member of our support team. The same applies to all data manually sent by the customer itself reporting an error to our support team.

  • Real-time Error Tracking Data: Our Server Apps track errors of our Server Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.

  • Product Analytics Data: Our Server Apps track user behavior to allow better product decisions based on these insights. This includes for example usage of service features such as how often certain features are used and how they are used. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service.

Data Location

Data location used by sub-processors.

Access to Customer Data

Only authorized K15t employees and sub-processors from our support and development teams have access to Customer Data. Such sub-processors are contractually bound to the same data security and privacy standards that apply to us.

Sub-processors

Our sub-processors are:

  • ActiveCampaign, Inc., Chicago, USA: We use ActiveCampaign to send informational email when you evaluate or buy a new app. The ActiveCampaign privacy policy can be found here.

  • Amplitude, Inc., San Francisco, USA: We use Amplitude to visualize and analyze how our apps are used. The Amplitude privacy statement can be found here.

  • Atlassian Corporation Plc, London, UK: We use Jira Service Management from Atlassian for the creation, tracking and administration of support tickets, Jira Software Cloud for tracking software development and task management, and Atlassian Confluence Cloud for the internal documentation of customer use cases. The Atlassian privacy statement can be found here.

  • Google Cloud EMEA Limited, Dublin, Ireland: We use Google Gmail for sending and receiving emails. This includes incoming and outgoing emails to and from K15t email lists, personal mailboxes, emails for support issues or transactional emails to inform about licenses. We use Google Drive for transferring files in our support process. The Google Cloud privacy statement can be found here.

  • Segment.io, Inc, San Francisco, USA: We use Segment to collect data on how our apps are used. The Segment privacy statement can be found here.

  • Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of our Server Apps' resources executed in the end users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.