At Exalate, protecting your data and your privacy is a top priority. Exalate adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information "Personal Data").
Overview
We provide hosted services ("Cloud Add-ons") for Atlassian Cloud Products. The add-ons are delivered through the Atlassian Connect add-on framework ("Atlassian Connect"). Cloud Add-ons can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing.
We also provide downloadable products ("Server Add-ons") for Atlassian Server Products, which are installed on the client's IT systems. Server Add-ons can be identified by the "Server" category in the corresponding Atlassian Marketplace listing.
This Data Security and Privacy Statement only apply to our Cloud Add-ons, not the Server Add-ons. It will provide you with an overview of the collection and processing of your data.
In the following, all data created by an Atlassian Cloud Product end user and stored within the Atlassian Cloud Product are defined as "Customer Data".
Data Security
We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are updated from time to time in order to remain state-of-the-art. If you are interested in our data security concept please contact us.
Data Storage
Unless otherwise stated below, our Cloud Add-ons do not store Customer Data locally, with the following exceptions:
- Account Data: Our Cloud Add-ons stores data provided and generated by Atlassian, that are required for license validation, contract administration, and communication with the customer instance. This includes for example AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, and OauthClientId.
- Operation Data: Our Cloud Add-ons temporarily store Customer Data which is required for the operation of the service. All temporary data is deleted usually as soon as it is no longer required for providing the service. Such data for example includes license information for the installed add-on, synchronization relations, twin and field traces, and copies of the latest and previous versions of the issues.
- Customer Uploaded Data: Our Cloud Add-ons store data created with and for the Cloud Add-ons and stored within the Cloud Add-ons by a customer using its user interface. This includes for example the configuration of the Cloud Add-ons metadata managed by the Cloud Add-ons. Customer Uploaded Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
- Session Data: Our Cloud Add-ons store data resulting from the customer's use of the service and is distinguished from Customer Uploaded Data. This includes for example usage statistics of service functionality.
- Support Data: Our Cloud Add-ons may offer a problem report functionality that can be triggered in the respective add-ons. If a Cloud add-on offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (e.g. Account Data, Operation Data, Customer Uploaded Data) from our systems and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the same data location that executed the operation but also downloaded to our own IT system by a member of our support team. The data is usually deleted as soon as it is no longer required for providing the service, however, the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
Data Location
When the node is deployed on the Exalate Cloud, all data resides on the Google Cloud datacenter in Europe-West1 (Belgium) or on Exalate Cloud that is hosted in Tier 4 datacenters, located in Belgium. Backups of that environment are stored offline in the data center of Rsync.net in Zurich (Switzerland).
Access to Customer Data
Only authorized Exalate employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to us.
For more details check the Data Processing Agreement.
End of Subscription
If a customer unsubscribes from our Cloud Add-on we mark stored Customer Data, for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However, the customer can contact us to ask for an earlier deletion.