Data Security Statement

Effective starting: June 1st, 2024

sh cloud software GmbH offers apps for the Atlassian Marketplace for Atlassian Cloud Products. This data security and privacy statement provides an overview how we're collecting and processing customer data in our apps and related processes (e.g. support requests).

You can find the privacy statement for our website here.

Account data

As soon as you evaluate or purchase our apps, Atlassian provides us license information including your name and email address. We use this information for accounting and support purposes. However, Atlassian is the main guard of your license and contact data and we have no further access beyond the information provided by Atlassian.

Support data

You can reach out to us via email and provide information about yourself (name, company name, email address), your Atlassian Cloud product and potentially more public or non-public information. We will store this information to process such support requests. If you wish to remove this information, please reach out to our privacy team.

Data storage

We try to only store customer data when it's necessary for the app's operation. If it's necessary, we store it within the Atlassian Cloud product or in a designated app storage provided by Atlassian's Cloud development platform "Forge". Both locations apply to Atlassian's Cloud Security Statement which can be found here.

The following list describes which data we collect and store:

Vercel for Compass

  • Vercel API key: we store a customer provided api key in a Forge storage which is designed for storing secrets
  • Vercel webhook configuration: we store webhook configuration data in a Forge storage which is designed for storing secrets
  • Vercel project and deployment information: we store project and deployment information like project name, start and end date of a deployment, and links to projects, source code repositories and the website as components and component data in Atlassian Compass.

Access to customer data

Only authorized employees of sh cloud software GmbH and sub-processors have access to customer data. Employees and sub-processors are bound to the same data security and privacy standards.

Sub-processors

  • Amazon Web Services, Inc., Seattle, USA: We use AWS for hosting our website and general IT services. The AWS privacy statement can be found here
  • Google Cloud EMEA Limited, Dublin, Ireland: We use Google Workspace for sending and receiving emails, storing files related to support cases and scheduling appointments and video conferences with customers. The Google Cloud privacy statement can be found here.

End of subscription

If you uninstall an app or stop the subscription, we immediately lose access to your customer data which is stored on the respective Atlassian Cloud product or Atlassian Forge Storage. For Forge Storage, Atlassian is taking care of deleting the data we have stored. For data stored in Atlassian Cloud products like Compass, you are responsible for deleting your data.

Security vulnerabilities

We follow the latest security standards to ensure data security. As an Atlassian Marketplace partner, we follow their security bug fix policy as well as their security incident guidelines for treating security vulnerabilities. If you encounter any issues, please reach out to our security team or report a vulnerability in the Vulnerability Disclosure Program.