Data Storage
Summary
This page provides details about what data JEMH Cloud stores, and how it’s secured.
Configuration
All Profile configuration is stored in a database that is encrypted at rest. Sensitive values like mail service authentication credentials are additionally encrypted prior to storage in this database.
Inbound Email Processing
Auditing Email Storage
When auditing is enabled (you can opt out) we store with encryption:
Full copies of inbound email are retained for 30 days
Auditing records contain:
Email subject
Sender email address
Identity of the reporter user - only keys are stored
Report of processing by JEMHC that can include any involved parties name / email address
Test Case Storage
You may create Test Case emails from a live email for processing problem diagnosis, in such a case, we store with encryption:
Full contents of the test case email
Metadata about the email
Email subject
Recipient names and email addresses
Outbound Email Processing
You many add a Notification Mapping for given Project(s) to drive outbound notifications.
Notification Mapping configuration contains:
Mailbox from address
Nominated Audience recipient users (picked from Jira) - only keys are stored
Event storage
Issue events are sent from Jira to the app in the form of JSON format Webhooks. If a Notification Mapping is configured in the app for the related project, the data is stored in encrypted file storage.
the event JSON data containing all the Jira issue data sent (content, comments, custom fields etc)
the Jira user who triggered the event (e.g. the Reporter user during create)
webhook processing report that may include references to Names and Email Addresses of parties involved, may include SMS phone numbers if configured
Preview Context storage
You may create a Preview Context in JEMHC which is a copy of the webhook data, to enable notification template previews and/or for support.
Auditing Email Storage
When auditing is enabled (you can opt out) we store with encryption:
Full copies of outbound email
Metadata about the email
Email
Recipient names and email addresses
Outbound processing report for the sending that include recipient names and email addresses
Data Retention - how long is data retained
Some configuration/data that you create is expected to be used repeatedly and is therefore retained for as long as your subscription is active, that includes:
Profiles
Test Cases
Static Resources
Inbound/Outbound mail/transport configurations
Templates
Webhook Data from issue events are retained on underlying storage for up to 7 days from receipt, at which point they are scheduled for removal as enforced by AWS bucket policy (visibility and access to that data is currently restricted to 1h)
Audit Data (where Auditing is enabled):
Inbound emails (up to 10MB) and auditing meta-data about processing is retained for 30 days from receipt, at which point they are scheduled for removal as enforced by AWS bucket policy
Outbound emails (up to 10MB) and auditing meta-data about sending is retained for 30 days from sent, at which point they are scheduled for removal as enforced by AWS bucket policy
What data do The Plugin People have access to
We have no access to your Jira instance, issues, or your JEMHC configuration.
Backoffice Console App
We have a back office management app through which we can monitor a variety of JEMHC and instance specific data
System Notification Email Addresses
High level aggregate usage history
JEMHC License transition history, current license status, DataPack purchase history and related usage
JEMHC System Status (as linked on the JEMHC app console) showing inbound/outbound status of connections and so on. Catchemail addresses are not shown.
Logging
Our application logs are transitory and not retained and periodically destroyed.
Limited information is stored; we do not log email content (where we do it is hashed to enable visual ‘same' determinations but not discern any readable info) or recipients, however, remote systems beyond our control can return arbitrary text that may include recipient related information that is logged.
Back office tools
Our application support tooling enables support staff to see:
System Notification Email addresses you have set in your JEMHC. This is to allow us to proactively reach out when we see problems that affect your instance.
Where Data Packs are purchased, we may see IP address, Payer Email Address used through the online shop.
JEMHC System notifications
Nominated system admins receive Bcc: notifications about system related events, all of which include your configured System Notification Recipient email addresses:
Plan Consumed
License changes
Monthly Usage
3rd Party notifications
Our sales team are notified when online purchases are made through the online shop, related meta data is sent by email to us from them about the purchaser:
IP address
Name & email address
Country
Support
When we provide support to you, you may make a variety of content available to us in order that we can help solve a problem you have. The company policy on customer data storage is to be limited to company issued hardware only, which is fully encrypted at rest.
Example Data
Email content in full containing IP addresses, email recipient names and email addresses, attachments, log files, screenshots.
The JEMHC admin may use the in-app feature to ‘flag’ an incoming mail for support, doing this allows our support team to access related data through our back office tools, data doesn't need to be transferred. Flagged emails expose:
Subject
Sender and Recipients email addresses
Raw email in full
Your JEMHC Profile that processed this email
Text or filtered HTML and all attachments
inbound processing report containing email addresses of recipients, account ID’s of users involved.
By providing a mail for support (flagged or other), such content is used only for the current support query. It may be loaded into a test Jira, drive test email notifications to dead end mailbox services, in order to help you in your support query.
What app data is stored by Atlassian
JEMHC uses https://developer.atlassian.com/cloud/jira/platform/jira-entity-properties/ to store some information on Atlassian’s own servers. This data is directly attached to issues and/or comments and helps JEMHC during processing. No personally identifying information is stored however in some cases a processed email’s Message-ID
and Subject
header values may be stored. This data’s lifespan is tied to that of the issue it’s attached to.
When JEMHC processes mail, any of the following information can be found in an issue, depending on app configuration:
email subject
email recipients name / address
email content (raw text, HTML converted to wiki markup)
email attachments
full copies of the entire email, raw text content or filtered (to limit XSS scenarios) HTML content