Technical Details related to data usage

Glossary of terms

"The Company", "Us", "We", "Our": The Plugin People Ltd

PII: Personally Identifying Information

JEMH: Enterprise Email Handler for Jira Server

JEMHC: Enterprise Email Handler for Jira Cloud

Common factors to JEMH (Server) and JEMHC (Cloud)

This page is subordinate to the Privacy Policy, and its purpose is to be transparent about how this particular application handles your data.  Features do vary between Server and Cloud; we cover both here.  Support is common to both.

Related to this is our JEMHC-specific page on General Data Protection Regulation (GDPR).

Billing

The Server version (JEMH) is currently still licensed through us directly.  As part of order processing, we track a lot of conversations and generate quotes by Email and through our Jira.  As a legal requirement to retain records, we retain order data in spreadsheet form, along with copies of all quotes, invoices and purchase order documents, for 7 years.  These documents contain the Name and Email of involved parties.  Where card checkout is used for purchases, details of the purchaser are also stored long term.

The Cloud version (JEMHC) is licensed through Atlassian Marketplace; as such, we don't get or collect any details.  When customer Plan capacity becomes exhausted, they may choose to purchase additional capacity as a "Data Pack" or a "Plan Upgrade".  In such cases, we collect and retain the name and email of the purchasing party as above.  Such data is stored in JEMHC so as to enable customer admins to track who did what, and is auto-expired after a year.

Product Differences

JEMH is for Jira Server (the customer hosts it on their Jira instance, behind the firewall); JEMHC is for Jira Cloud (we host it in the cloud).  The different deployments have differences, which are clarified below by referring to JEMH or JEMHC.

What Data is accessed/stored

JEMH (for Jira Server)

There is less to say about JEMH than JEMHC, as all data processed by JEMH is stored and managed under the control of the customer.

  1. JEMH processes email supplied by users, using connectivity mechanisms controlled by the user.  If enabled, the action of Auditing stores those emails in raw, unencrypted form in the JIRA_HOME/jemh/auditing folder.

  2. As part of supporting email only users, JEMH stores non-Jira email addresses in TEXT custom fields, unencrypted.

  3. As part of processing user comments by email, JEMH also stores some of those comments, and the email addresses involved, within the JEMH tables (AO_78C957_*), unencrypted.

  4. As part of support, JEMH Profiles are often requested in order to reproduce configuration scenarios and solve problems.  The XML payload contains email addresses, website URLs, server license details and database settings, but no authentication details.  When attached to the public JEMH Jira Issue Tracker, standard practice is to mark the issue security as Private between Reporter and Developers.

  5. As part of support, JEMH Test Cases, which are exports of real emails, are supplied by the customer.  Usually these emails contain 'test' data and are not sensitive, but they may still contain IP addresses or other identifying data.  Issues containing test cases are not always marked as private; if there are concerns, users may do this.

JEMHC (for Jira Cloud)

JEMHC has many more privacy touch points than JEMH.

Where is data stored

All retained data is held within a virtual private cloud database managed by AWS located within the USA.  We have no way to shard user data to European data centers at this time.

AWS have adopted GDPR terms as part of our agreement with them: 

Registration / System Notifications / Life Cycle

When your instance installs JEMHC, or is rebooted as part of maintenance with JEMHC installed (but unlicensed), JEMHC will create some basic record of the installation.  We store Billing Contact email addresses, and enable further email addresses to be defined for administration notifications (JEMHC > Licensing > System Notifications).  The Company doesn't manage customer data that is stored in our system; it's not The Company's data.  For example, a contractor who set up a cloud instance and used her real name and email was set as the billing contact.  JEMHC notifies the billing contact about usage every month, but they no longer work 'for the company'.  We can't fix that; we don't access or change customer data.

Google OAuth usage

Customers can optionally configure JEMHC to use Google OAuth to link Google services, including SMTP, IMAP and Drive, with JEMHC.

Permissions

When OAuth is set up, the following Google API permissions are required by JEMHC to operate.  It is not possible to split required permissions in JEMHC (access to mail requires access to Drive, even if unused, but no access will be performed unless configured).

The usage of these permissions within JEMHC is as follows:

SMTP

Once authorized and configured, JEMHC will be able to send mail from your Jira instance and JEMHC itself through the linked email account(s) as described below.

IMAP

Once authorized and configured, JEMHC will be able to retrieve email from the linked account(s) and process as described below.

Inbound Processing

  1. JEMHC processes email supplied by users, using connectivity mechanisms controlled by the user.  By default, the action of email retrieval:

    1. stores those complete emails in encrypted form in the JEMHC database.  Customers can opt out of the short-term auditing email retention (re-enabling requires support intervention).  Opting out makes email-related problems much harder, if not impossible, to diagnose and resolve.

    2. stores the subject, sender (from:) and recipient (to:, cc:) email addresses in the JEMHC database, unencrypted.

  2. As part of supporting email only users, JEMHC stores non-Jira email addresses in TEXT custom fields, unencrypted.

  3. Email content is stored in Jira in plain text as issue summary/description/comment.

Outbound Processing

  1. Regardless of whether you have a license present for JEMHC or not, if JEMHC is installed, the issue https://ecosystem.atlassian.net/browse/AC-1620 means that your Jira will send us issue webhook data for every IssueEvent in your instance (over SSL).  JEMHC stores this event data in unencrypted form in the JEMHC database, retaining only the most recent events.  (This data should ideally be encrypted; https://thepluginpeople.atlassian.net/browse/JEMHC-34 will track that.)

  2. JEMHC will by default attach files added to issues to outbound emails.

  3. JEMHC will by default store the full email content of recently sent mail in the JEMHC database.

  4. After sending email, JEMHC retains a recent history of the event.  This includes email addresses and subject, currently stored in the clear.  https://thepluginpeople.atlassian.net/browse/JEMHC-35 will track the encryption of summary.

Registration and Feedback

The Plugin People Ltd use Slack for this:

  1. JEMHC writes registration event data to a private Plugin People Instant Message room (over SSL) identifying the host URL involved

  2. JEMHC writes user supplied feedback to a private Plugin People Instant Message room (over SSL) identifying the host URL and the user email address involved

Logging

  1. JEMHC writes some debug-level logs to a logging database.  These contain various information about email processing; subjects and sender email addresses are also hashed.  Only in some specific situations would we log PII data, which we'd use proactively to talk to the customer about particular problems.  We purge the entire log archive from time to time; its use is transitory.

Support

  1. As part of support, JEMHC Profiles are often requested in order to reproduce configuration scenarios and solve problems.  The JSON payload contains email addresses, website URLs, groups and usernames, but no authentication details.  When attached to the public JEMHC Jira Issue Tracker, standard practice is to mark the issue security as Private between Reporter and Developers.

  2. As part of support, JEMH Test Cases, which are exports of real emails, are supplied by the customer.  Usually these emails contain 'test' data and are not sensitive, but they may still contain IP addresses or other identifying data.  Issues containing test cases are not always marked as private; if there are concerns, users may do this.

Use of Email Test Cases

As part of Our support for JEMH and JEMHC, it's common for us to require test case emails in order to reproduce a processing problem.  These emails can contain personal information identifying users, e.g. names and email addresses, as well as related content.  As the point of the Test Case is to validate specific processing, editing the content after the fact is not always an option.  Such information is private and not shared.

Auto-purging

In JEMHC (cloud), we already have a Post-Function that is responsible for deleting External Attachments (for large log files etc.) that are stored with our own cloud infrastructure, not Jira.  We plan on adding a further post-function / feature to expire/remove attachments to support cases 3 months after being resolved, achieving a data-retention lifetime.  This is for customer convenience, should an issue need to be re-opened after resolution.

JEMH Licensing: Use Of Email Addresses

During Licensing, users supply an email address to which generated keys will be sent.  Supplied addresses are not used for any purpose other than key delivery.  Addresses are retained through email history, kept by The Plugin People for auditing and abuse detection.  Users who use anonymizing mail servers may have trouble generating evaluations.

Accidental Mail

With the use of 'live' example emails, and the nature of JEMH for notifications, it is always possible that emails are unintentionally sent as part of testing.  This is manually managed, and is a rare occurrence.  If you feel spammed, drop me an email at andy @ thepluginpeople.com

Data usage

Your data will not be used for any kind of 3rd party use, marketing etc.  The Plugin People may contact registered users from time to time with proactive advice on configuration, or more general service-related announcements.

Data Flow Diagrams

Inbound

Outbound