...
No user content or passwords are stored or otherwise transferred out of your Confluence instance.
The action of invoking SU stores a cookie on the client web browser with a hard wired 30 minute expiry, this means, even in the unlikely event of cookie theft, any exploit would have to occur within 30 minutes of its generation.
The act of invoking SU is tracked through its Auditing (admin limited access) feature that currently stores the Username which is PII.
...
We have an open issue to migrate this to a non-PII userkey (
| Jira Legacy | ||||||
|---|---|---|---|---|---|---|
|
Q | A |
|---|---|
1. Does this app send data outside of the host instance? | NO |
2. If yes above, do you the app vendor manage this system, or is this operated by a different legal entity? | n/a |
3. If yes above, what is the data being sent outside the instance? | n/a |
4. If yes above, why do you send data outside of the instance? | n/a |
5. If yes above, does this data contain any Personally Identifiable Information(PII)? | n/a |
...