Effective starting: July 15, 2020
Protecting your data and your privacy is a high priority and is very important to us. Lively Apps adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information “Personal Data”).
- Cloud Apps
- Server Apps
This privacy statement is accompanied by the Data Processing Addendum.
Lively Apps provides hosted services (“Cloud Apps”) for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework (“Atlassian Connect”). Cloud Apps can be identified by the “Cloud” category in the corresponding Atlassian Marketplace listing.
Lively Apps also provides downloadable products (“Server Apps”) for Atlassian Server Products, which are installed on the client’s IT-systems. Server Apps can be identified by the “Server” category in the corresponding Atlassian Marketplace listing.
This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for both Cloud and Server Apps.
In the following all data created by an Atlassian Cloud or Server Product end user and stored within the Atlassian Product are defined as “Customer Data”.
We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are updated from time to time in order to remain state-of-the-art. If you are interested in our data security concept please contact us.
Unless otherwise stated below our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.
Exceptions applying to all Cloud Apps:
- Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance. This includes for example AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId. Installation Metadata is deleted at the latest 180 days after the customer unsubscribed from the service (see below section “End of Subscription”). Please note that Lively Apps does not store this data out of ‘free choice’ but as a general technical requirement for any Atlassian Cloud App to function.
- Real-time Error Tracking Data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
Exceptions applying to specific Cloud Apps:
Task Reminder for Confluence:
- Our Cloud App stores data created with and for the Cloud App and stored within the Cloud App by customer using its user interface. This includes the configuration of reminder email and Slack settings and metadata managed by the Cloud App. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
- RARE EDGE CASES ONLY - Email addresses: In general, Task Reminder does NOT store user-specific data such as email addresses. Email addresses are exclusively processed to send reminder emails. Access to email addresses is restricted to the process of sending reminder emails and email addresses are not accessible outside of this process. There is ONE EXCEPTION for which we are REQUIRED to store email addresses: when Task Reminder emails are rejected by an email service provider, Lively Apps is obligated to store the associated email address on a ‘deny list’. In such a case, we will store the email address up to 180 days with the sole purpose of NOT contacting that email address again.
PocketQuery for Confluence:
- Our Cloud App stores data created with and for the Cloud App and stored within the Cloud App by customer using its user interface. This includes the configuration of datasources, queries, templates and converters and metadata managed by the Cloud App. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
North Virginia, USA.
Access to Customer Data
Only authorized Lively Apps employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to us.
Our subcontractors are:
- Amazon Web Services, Inc., Seattle, USA: Our Cloud Apps are hosted on Amazon Web Services (AWS) cloud services in North Virginia, USA. The AWS privacy statement can be found here.
- Atlassian Corporation Plc, London, UK: We use Jira Service Management from Atlassian for the creation, tracking and administration of support tickets. The Atlassian privacy statement can be found here.
- Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of our Cloud Apps' resources executed in the end users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.
End of subscription
If a customer unsubscribes from our Cloud App we mark stored Customer Data, for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However the customer can contact us to ask for an earlier deletion.
Our Server Apps do not store Customer Data.