Overview

Our goal is to have as little of your information as possible. We (at a best effort) document and disclose exactly what data is collected and where it is stored for each of our products. If you do not want to be tracked by Google Analytics we suggest you install the opt-out browser extension that Google provides https://tools.google.com/dlpage/gaoptout All of our systems (both server and individual user machines) are secured by 2FA and encrypt stored data.

Cloud Apps

Bandage

We link to external resources on both the Atlassian® CDN and the Google CDN in this extension. Both of these CDNs are in regular usage when an Atlassian® Cloud application is accessed anyways.
We use Sentry.io for error collection, and as such we also load the library from their servers.

During installation we will receive information similar to:

{ key: 'atlas-authority-bandage-connect',
  clientKey: '<hidden>',
  publicKey: '<hidden>',
  sharedSecret: '<hidden>',
  serverVersion: '100035',
  pluginsVersion: '1.2.35',
  baseUrl: 'https://<sitename>.atlassian.net',
  productType: 'jira',
  description: 'Atlassian JIRA at https://<sitename>.atlassian.net ',
  eventType: 'installed' }

During normal usage of the app, we only receive information about the browser of your end users when they go to the setup page. This information will be sent to us over HTTPS. Example of this data is:

[20/Mar/2017:16:27:07 +0000] "GET /install?tz=America%2FLos_Angeles&loc=en-US&user_id=admin&user_key=admin&
xdm_e=https%3A%2F%2F<Sitename>.atlassian.net&xdm_c=channel-atlas-authority-bandage-connect__install-jira&cp=&
xdm_deprecated_addon_key_do_not_use=atlas-authority-bandage-connect&lic=none&cv=1.2.35&
jwt=<jwt key> 
HTTP/1.1" 200 - "https://<sitekey>.atlassian.net/plugins/servlet/ac/atlas-authority-bandage-connect/install-jira?user.key=admin&project.key=AADS&project.id=10000&user.id=admin" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

The error logging code will send us errors like:

{"id":"c902e9bafe1e4be19a5719aa2f0be79c","project":202300,"release":null,"dist":null,"platform":"javascript",
"culprit":"<anonymous> in f.<anonymous>","message":"Error broken <anonymous> in f.<anonymous>","datetime":"2017-08-10T17:06:31.000000Z",
"time_spent":null,"tags":[["url","https://<sitename>.atlassian.net/secure/Dashboard.jspa"],["logger","javascript"],
["transaction","<anonymous> in f.<anonymous>"],["sentry:user","ip:67.108.256.194"],["level","error"],["os","Mac OS X 10.12.6"],
["os.name","Mac OS X"],["browser","Chrome 60.0.3112"],["browser.name","Chrome"]],"contexts":{"os":{"version":"10.12.6","name":"Mac OS X"},
"browser":{"version":"60.0.3112","name":"Chrome"}},"errors":[],"extra":{"session:duration":380643},"fingerprint":["{{ default }}"],
"metadata":{"type":"Error","value":"broken"},"received":1502384791.0,"sdk":{"client_ip":"66.108.246.256","version":"3.17.0","name":"raven-js"},
"sentry.interfaces.Exception":{"exc_omitted":null,"values":[{"stacktrace":{"frames":[{"function":"apply",
"abs_path":"https://cdn.ravenjs.com/3.17.0/raven.js","pre_context":[" args = func || [];"," func = options;"," options = undefined;"," }",""],
"post_context":[" },",""," /*"," * Wrap code within a context and returns back a new function to be executed"," *"],"filename":"raven.js",
"module":"raven","colno":40,"in_app":false,"data":{"sourcemap":"https://cdn.ravenjs.com/3.17.0/raven.min.js.map"},
"context_line":" return this.wrap(options, func).apply(this, args);","lineno":321},{"function":"apply",
"abs_path":"https://cdn.ravenjs.com/3.17.0/raven.js","pre_context":[" try {"," // Attempt to invoke user-land function",
" // NOTE: If you are a Sentry user, and you are seeing this stack frame, it",
" // means Raven caught an error invoking your application code. This is"," // expected behavior and NOT indicative of a bug with Raven.js."],
"post_context":[" } catch(e) {"," self._ignoreNextOnError();"," self.captureException(e, options);"," throw e;"," }"],"filename":"raven.js",
"module":"raven","colno":28,"in_app":false,"data":{"sourcemap":"https://cdn.ravenjs.com/3.17.0/raven.min.js.map"},
"context_line":" return func.apply(this, args);","lineno":386},{"function":"f.<anonymous>","abs_path":"<anonymous>",
"filename":"<anonymous>","lineno":2,"colno":11,"in_app":true}],"registers":null,"frames_omitted":null},"mechanism":null,"type":"Error",
"module":null,"thread_id":null,"value":"broken","raw_stacktrace":{"frames":[{"function":"f.context",
"abs_path":"https://cdn.ravenjs.com/3.17.0/raven.min.js","pre_context":["/*! Raven.js 3.17.0 (d5678cb) | github.com/getsentry/raven-js */"],
"post_context":["//# sourceMappingURL=raven.min.js.map"],"in_app":false,"lineno":2,"colno":6221,"filename":"/3.17.0/raven.min.js",
"context_line":"{snip} (a,b,c){return h(a)&&(c=b||[],b=a,a=void 0),this.wrap(a,b).apply(this,c)},wrap:function(a,b,c){function d(){var d=[],
f=arguments.length,g=!a {snip}"},{"function":"f.d","abs_path":"https://cdn.ravenjs.com/3.17.0/raven.min.js",
"pre_context":["/*! Raven.js 3.17.0 (d5678cb) | github.com/getsentry/raven-js */"],"post_context":["//# sourceMappingURL=raven.min.js.map"],
"in_app":false,"lineno":2,"colno":6417,"filename":"/3.17.0/raven.min.js","context_line":"{snip} -;)d[f]=g?e.wrap(a,arguments[f]):arguments[f];
try{return b.apply(this,d)}catch(i){throw e.I(),e.captureException(i,a),i}}var e=this;if(g(b)& {snip}"},{"function":"f.<anonymous>",
"abs_path":"<anonymous>","filename":"<anonymous>","lineno":2,"colno":11,"in_app":true}],"registers":null,"frames_omitted":null}}]},
"sentry.interfaces.Http":{"url":"https://<sitename>.atlassian.net/secure/Dashboard.jspa","headers":[["User-Agent","Mozilla/5.0 (Macintosh;
 Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"]]},"sentry.interfaces.User":
{"ip_address":"66.108.256.194"},"type":"error","version":"7"}

We do have Google Analytics configured on the listing in the Atlassian® Marketplace and the Chrome Webstore, but this does not provide us any info other than user behavior on those pages. Our GA code is never run on any of your systems.

Tableau for Confluence®

We link to external resources on the Atlassian® CDN. This CDN is in regular usage when an Atlassian® Cloud application is accessed anyways.

During installation we will receive information similar to:

{ key: 'tableau-for-confluence',
  clientKey: '<hidden>',
  publicKey: '<hidden>',
  sharedSecret: '<hidden>',
  serverVersion: '6452',
  pluginsVersion: '1.3.166',
  baseUrl: 'https://<sitename>.atlassian.net/wiki',
  productType: 'confluence',
  description: 'Atlassian Confluence at https://<sitename>.atlassian.net ',
  eventType: 'installed' }

During normal usage of the app, we only receive information about the browser of your end users when they view the macro, and the Tableau URL of the view being requested. This information will be sent to us over HTTPS. Example of this data is:

[25/Jul/2017:08:50:25 +0000] "GET /macro?tableauUrl=https%3A%2F%2Fpublic.tableau.com%2Fviews%2FWomenInTech-ComputerScienceDegreeYearlyChanges%2FCSDesgreeShifts%3F%3Aembed%3Dy%26%3AloadOrderID%3D0%26%3Adisplay_count%3Dyes&tz=America%2FLos_Angeles&loc=en-GB&user_id=admin&user_key=ff80808156a17b270156a17b55270001&xdm_e=https%3A%2F%2Fimatincr.atlassian.net&xdm_c=channel-tableau-for-confluence__tableau-for-confluence8994798533164231209&cp=%2Fwiki&xdm_deprecated_addon_key_do_not_use=tableau-for-confluence&lic=active&cv=1.3.166&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJmZjgwODA4MTU2YTE3YjI3MDE1NmExN2I1NTI3MDAwMSIsInFzaCI6ImIzYzgzNTM1YmJkNjgxMTAyYjE0OTA0YWI2NjM2YTEwYjgzZTExZTYzYjJmM2FkZGJiMWJiOTE3ZmIzMGU0OTMiLCJpc3MiOiIyYTc5OGJlZC01MDVkLTMwMTEtOGFmZi05ZjliYWFhNTA2MDIiLCJjb250ZXh0Ijp7InVzZXIiOnsidXNlcktleSI6ImZmODA4MDgxNTZhMTdiMjcwMTU2YTE3YjU1MjcwMDAxIiwidXNlcm5hbWUiOiJhZG1pbiIsImRpc3BsYXlOYW1lIjoiQm9yaXMgQmVyZW5iZXJnIFtBdGxhcyBBdXRob3JpdHldIn19LCJleHAiOjE1MDA5NzI3OTksImlhdCI6MTUwMDk3MjYxOX0.2InAlDS9xTdCGMxvfkrMubXfb-chk76NC3eBnyFsdLA HTTP/1.1" 200 670 "https://imatincr.atlassian.net/wiki/pages/resumedraft.action?draftId=18743301&draftShareId=5233fcc4-597f-4753-b32e-a8a79d1aba0d&" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4"

Other than during installation and when the macro is run, we do not receive data from the app.

We do have Google Analytics configured on the listing in the Atlassian® Marketplace, but this does not provide us any info other than user behavior on those pages. Our GA code is never run on any of your systems.

iFrames for JIRA® Cloud

We link to external resources on the Atlassian®, Google, and Cloudflare CDNs in this extension. All of these CDNs are in regular usage when an Atlassian® Cloud application is accessed anyways.

During installation we will receive information similar to:

{ key: 'iframe-dashboard-gadget-jira',
  clientKey: '<hidden>',
  publicKey: '<hidden>',
  sharedSecret: '<hidden>',
  serverVersion: '100035',
  pluginsVersion: '1.2.35',
  baseUrl: 'https://<sitename>.atlassian.net',
  productType: 'jira',
  description: 'Atlassian JIRA at https://<sitename>.atlassian.net ',
  eventType: 'installed' }

During normal usage of the app, we only receive information about the browser of your end users when they go to the setup page. This information will be sent to us over HTTPS. Example of this data is:

GET /iframe?dashboard=10100&dashboardItem=10107&tz=America%2FLos_Angeles&loc=en-US&user_id=admin&user_key=admin
&xdm_e=https%3A%2F%2F<yoursite>.atlassian.net&xdm_c=channel-iframe-dashboard-gadget-jira__iframe6641165471450156479
&cp=&xdm_deprecated_addon_key_do_not_use=iframe-dashboard-gadget-jira&lic=none&cv=1.3.175&
jwt=<key> 200 7.444 ms - -

We do not see the actual url which you are saving in the gadget. This is stored only on your server.

We do have Google Analytics configured on the listing in the Atlassian® Marketplace, but this does not provide us any info other than user behavior on those pages. Our GA code is never run on any of your systems.

Server Apps

Active User Filter

We do have Google Analytics configured on the listing in the Atlassian® Marketplace but this does not provide us any info other than user behavior in the Marketplace. Our GA code is never run on any of your systems.

iFramed

We do have Google Analytics configured on the listing in the Atlassian® Marketplace but this does not provide us any info other than user behavior in the Marketplace. Our GA code is never run on any of your systems.

Incident Response

If a security issue is identified in either our Cloud or Server apps we will work with Atlassian® to roll out a fix to as many customers as possible prior to publicly disclosing the issue. All supported license holders will be notified via the email account associated with the license.

Feedback

We are open to feedback on this policy and encourage you to share any concerns you have with us via the contact form.