Data Security and Privacy Statement
Privacy
All our apps are governed by our company Privacy Policy.
Data Security
SU for Confluence exposes user data to any Confluence system administrator as it allows the system administrator to become any other user.
No user content or passwords are stored or otherwise transferred out of your Confluence instance.
The action of invoking SU stores a cookie on the client web browser with a hard wired 30 minute expiry, this means, even in the unlikely event of cookie theft, any exploit would have to occur within 30 minutes of its generation.
The act of invoking SU is tracked through its Auditing (admin limited access) feature that currently stores the Username which is PII. We have an open issue to migrate this to a non-PII userkey (https://thepluginpeople.atlassian.net/browse/CONFSU-89 ). Changing to userkeys instead of usernames will mean that auditing records will no longer be fixed.
Q | A |
---|---|
1. Does this app send data outside of the host instance? | NO |
2. If yes above, do you the app vendor manage this system, or is this operated by a different legal entity? | n/a |
3. If yes above, what is the data being sent outside the instance? | n/a |
4. If yes above, why do you send data outside of the instance? | n/a |
5. If yes above, does this data contain any Personally Identifiable Information(PII)? | n/a |
Confluence ReadOnly mode
Q | A |
---|---|
Is your app fully read only mode compatible? | Yes, the app doesn't make confluence content or system, configuration changes during Read Only mode.
|