Data Security and Privacy Policy for Artemis Apps

This policy applies to Artemis Software Cloud Apps that communicate with Atlassian Cloud products which add features and functionality.

Artemis Software hosted services use the Heroku Cloud Platform.

What Personal Information We Store and How We Store It

Unless specifically highlighted below, Artemis does not store customer personal information. The data stored by Atlassian in the Atlassian cloud product is covered by the Atlassian Cloud Policy.

Account Data

Our Cloud Apps store data provided and generated by Atlassian that are required for license validation. However, this data is obfuscated and contains no personal data nor user data.

Session Data

Our Cloud Apps briefly cache data in memory resulting from each customer's use of the service and is distinguished from user-generated content such as Confluence page names. This customer use includes, for example, usage statistics of service functionality such as the total number of App uses per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to.

Log Files

When a customer or Confluence Cloud instance interacts with an Artemis Cloud App, we generate log files to help us operate and improve our services. For our Cloud Services, the information logged includes a GDPR-safe account ID. See Atlassian's Context Parameters for definitions of context parameters sent to Artemis Cloud apps from the host Confluence instance.

Backups

Artemis database backups are made only for Atlassian Connect application registration information.  No personal information is stored.  All backups are encrypted.

Data stored in our Heroku Cloud Platform for all Cloud Apps are replicated in a distinct availability zone for use in emergency failover scenarios and are backed up daily.  Daily backups are retained for 7 days, weekly backups for 8 weeks, and monthly backups for 12 months.

Encryption

Where data is transferred over the Internet as part of a Website or Cloud Services, the data transmitted using industry-standard TLS-protected connections.  Our databases are encrypted at rest, and sensitive fields stored in the database are further encrypted in the application tier before being stored.

Where Server Products are used, responsibility for securing access to the data you store in the Server Products rests with the customer. No data is shared or sent from Artemis Server Apps outside the Atlassian Server. We strongly recommend that administrators of Server Products enable encryption in transit (e.g., HTTPS using TLS) to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

Who Has Access To Your Personal Information

Artemis support team accesses Heroku Cloud Platform data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes. Only authorized Artemis employees have access to server data.

Artemis and Cloud users are authenticated using Atlassian Connect JWT Authentication. Customers are responsible for maintaining the security of their own Confluence Cloud login information.

Whom We May Share Your Personal Information With

We will never share any personal information collected through use of our Cloud Apps.

As of March 29, 2019 our Cloud Apps will not store any customer personal information.

Your Personal Information Rights


You have the following rights:

  1. Review, change, or delete your personal information
  2. Ask about how we are processing your personal information
  3. Request a copy of your personal information
  4. Transfer your personal information from us to another person or business

Should you wish to exercise any of your rights, or have any questions concerning your rights, please email us at support@artemis.atlassian.net

Please note that we will require proof of your identity and, because we are a small company, your request may take up to 30 working days to process. 

Additional information regarding Artemis Confluence Server Apps

Our Confluence Server Apps enhance the functionality of customers' Confluence Servers.  These local or hosted customer Confluence installations are distinct from the Atlassian Confluence Cloud offerings.  These installations run on platforms maintained by the customers themselves.

  • All information stored by Confluence Server Apps locally is used expressly for the purposes of their operation.
  • All information stored by Confluence Server Apps locally is maintained by the customer and is only accessible by the customer.
  • No information stored by Confluence Server Apps will ever be accessed or used in any way by Artemis,  except when the customer initiates contact and expressly sends Artemis data for the purpose of solving an issue such as debugging a problem.


Effective: December 10, 2018