ScriptRunner for Jira Cloud: Security and data privacy FAQ
How long does Adaptavist keep my personal data?
We only keep your personal data for as long as we need it to fulfil the purpose it was collected for. If there’s a legal reason to hold onto it longer, we’ll do so.
How long does ScriptRunner keep user-generated data like scripts and logs after the product has been uninstalled?
Once ScriptRunner has been uninstalled, user-generated data is kept for a period of 180 days for backup purposes.
Can an error in the app damage my data, and how do you prevent this?
While it's our top priority to keep your data safe, we understand concerns about potential errors. To help protect your data, our product teams take several important steps, which help ensure that your data remains secure, even if an error occurs:
- Code reviews: We carefully check our code to catch any issues before they can cause problems.
- Automated testing: We run our software through a series of automated tests in different environments before we release it, to make sure it works smoothly.
- Vulnerability scanning: We regularly scan for security weaknesses and keep our software updated to close any gaps.
- Manual QA testing: Our team of testers manually checks the software to ensure it meets our high standards.
- Scheduled production testing: We perform regular automated tests even after the software is live to catch any unforeseen issues early.
- Error monitoring: We keep an eye on the software in real-time to quickly address any errors that may pop up.
- Security awareness training and internal audits: We conduct regular training sessions to keep our product team informed about the latest security practices and perform regular internal audits to ensure compliance with security protocols.
How reliable is ScriptRunner for Jira Cloud?
Creating a system you can rely on is a priority for us. That's why our system is built using a modular approach, ensuring that different parts are isolated from each other. This means if there's ever a vulnerability or error in one area, it won’t impact the rest of the system.
Additionally, Jira Cloud apps, including ScriptRunner, are sandboxed. This means they operate independently from Jira Cloud itself. So, if there’s an issue with an app, it won’t affect Jira or any other apps you’re using.
For updated performance and incident information, visit our Status page.
What types of personal data are handled by ScriptRunner for Jira Cloud and how are they defined?
The only data we store and process is user-generated content that allows you to use the product. This includes details about Jira projects, issues and comments as well as the users that created or modified them.
We work closely with integrated partners, like Atlassian, who have specific definitions for personal data. Atlassian classifies personal data stored for the purpose of identifying users in a clear and logical way as “Personal Profile Data”. It’s important to note that this data category does not include information that could identify an individual as per GDPR definitions as the information is anonymised.
More information on our data handling can be found in our Privacy Policy, sections 12.5 and 12.6.
How is my personal data handled when shared with other companies?
We work with trusted third-parties to effectively deliver our products and services. For example, AWS for hosting infrastructure and data storage. Any data that we share with these third-parties is handled based on their own privacy policies and the laws that apply to them. Where data is shared for the purposes of data processing, the third-party will store your data according to the specific rules and timelines we've set.
To learn more about how we process data, please refer to Adaptavist's data processing addendum.