...
Only selected Deiser employees use DBMS to interact with the data. To manipulate the information in the database servers it is mandatory to be authenticated and authorized. The credentials are stored in the given MyMySQL, which is responsible These DBAs are responsibles of giving access or not to the corresponding applicant. MySQL DBA is also responsible of assuring the confidentiality of the sensible data stored in the given credential tables. One of our database administrators DBA configure the permissions related with every account registered in the system. This is our way of handling the access control via DBMS. There are strict rules to maintain the confidentiality of this information and prevent our employees from sharing credentials or abusing them. It is important to remark that every employee has his/her own credentials for every environment so we can audit every action done in the platform and when an employee leaves the company, there is a policy that dictates that these credentials must be disabled to avoid unauthorized access. In addition, we have an enforce password expiration policy to assure that if the credentials are compromised at least the attacker will not be able to use it forever. There is an enforcement every month.
Regarding with the access through the plugin interface the communication between the front side and the backend is direct and made by SQL queries.
We collect the following categories of information, which may be considered Personal Information when maintained in an identifiable format:
- Account registration information: When you register or purchase Products or Services, we may collect your and/or your Administrator’s full name, email address, phone numbers, and account log-in credentials, if applicable.
- Content and information that you submit through the Sites: Information submitted through the Sites may include, for example, the information you provide when you participate in any interactive features, research studies, or surveys, and any information you submit when filing a customer support ticket or as part of any other form submissions on the Sites.
- Content and information voluntarily provided through the Services: We collect any information you provide to us voluntarily via the Services. Annex 1 outlines the categories of Personal Information in greater detail that we collect and that may be submitted through the Sites and/or Services.
- Technical product usage data, logs, metrics, metadata, and device information: We automatically generate and retain records of how users interact with our Sites and Services. This may include information such as your Internet Protocol (“IP”) address, device identifiers, device information (such as OS type or browser type), cookie IDs, referring / exit pages and URLs, interaction information (such as clickstream data), domain names, pages viewed, crash data, and other similar technical data. We may use technologies such as cookies and/or scripts to collect this information.
- Location information: We may use the IP address received from your browser or mobile device to determine your approximate physical location, such as city and country.
- Information collected from third party or public sources: DEISER may receive information from third-party sources, such as business partners, the Atlassian Marketplace, Affiliates, marketing service providers, third-party data aggregators, or publicly available sources, that we use to make our own information better or more useful. We may collect an Authorized User’s name, email address, and phone number.
Safeguarding of the data
The plugins we provide in the Atlassian Marketplace are hosted in the cloud, specifically in DigitalOcean and Gooogle Cloud Platform. All the data hosted in their data centers is under our control. In addition, DigitalOcean has a code of practice for cloud privacy ISO/IIEC 27018, ISO27001 and SOC1/2/3 certified company. This adherence provides transparency about policies regarding the return, transfer, and deletion of personal information stored in their datacenters.
...