/
Privacy Policy

Privacy Policy

1. Overview

The company Eric Braun Cloud Engineering (“we”, “us”, “our”, “own”) has high standards to manage data protection.

We develop Atlassian Cloud and Data Center apps (“Atlassian-Apps”, “apps”, “DC apps” or “cloud apps”). For our cloud apps use the Atlassian Forge framework and do not host any servers or infrastructure on our own. Our server apps are installed on the customers system. All apps are provided through the Atlassian Marketplace (Explore Marketplace solutions for Atlassian apps | Atlassian Marketplace ).

2. Name and Address of the Controller (Art. 4, No. 7 GDPR)

Eric Braun Cloud Engineering
Kolberger Str. 12D
76139 Karlsruhe
Germany
Email: privacy@eb-ce.com

3. Purpose & Legal Basis

We collect and process personal data strictly as necessary to provide and improve the functionality of our app, support user requests, and ensure the security and stability of our services. The legal basis for processing is generally the performance of a contract (Art. 6, No 1b GDPR), the fulfillment of legal obligations (Art. 6, No 1c GDPR), or our legitimate interests in operating and improving our services (Art. 6, No 1f GDPR). Where required by law, we obtain your consent (Art. 6, No 1a GDPR) before collecting or processing your data for specific purposes, such as analytics or marketing activities.

Personal data will only be processed for purposes outlined in this policy and not for any incompatible or additional purposes without your explicit consent.

4. General Information regarding Data Processing of our Cloud Apps

We have no own servers or infrastructure that process data or are required in any capacity for the functionality of our Atlassian-Apps. We use the following architectures:

For cloud apps we exclusively use the Forge Framework provided by Atlassian, which hosts the app on Atlassian servers (Forge Security). See the privacy policy of Atlassian acting as a data processor for further information (Atlassian Privacy Policy).

We only log errors in order to provide a good product to you. The logs do not contain any user data that allows us to identify or even track you. We don’t know what individuals use our apps unless we are contacted directly.

5. Specific Information regarding Data Processing of our Cloud Apps

a) Permission Management For Confluence

We process user names, user display names, account IDs and group names in order to show the permissions of a specific user or group. We do not store any of this data.

b) Bibliography for Confluence

We process and store data describing literature that the user enters in or app. This data contains any data that describes the literature in detail that is relevant (and entered by the user). All data is stored on the Atlassian Forge platform.

c) Permission Reporting for Confluence

We process user data and display it in the app’s user interface. We only store configuration data that allows the user of the app to further customize the app. This configuration includes several filters that require us to store permission group names.

d) Git Insights for Confluence

We store credentials of Git platforms such as access tokens in order to securely communicate with these third party services. All communication is encrypted and data shown in the app is fetched from the servers and not stored on the Atlassian platform. Additionally we store references (in the form of IDs) of Git workspaces and Git repositories.

6. General Information regarding Data Processing of our Data Center Apps

For our Data Center apps we do not store or process any data on another server than the server the Data Center product (e.g. Confluence or Jira) is installed on.

7. Data Retention

The data of our cloud apps is removed when an app is uninstalled according to Atlassian Forge platform specifications (https://developer.atlassian.com/platform/forge/storage-reference/hosted-storage-data-lifecycle/ ).

8. Data Subject Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • The right to access: You can request information about the personal data we hold about you and obtain a copy of it.

  • The right to rectification: You may ask us to correct or complete inaccurate or incomplete data.

  • The right to erasure: In certain cases, you can request the deletion of your personal data.

  • The right to restrict processing: You may request the restriction of processing your personal data under certain circumstances.

  • The right to object: You can object to the processing of your data for particular purposes, such as direct marketing.

  • The right to data portability: If applicable, you may receive your personal data in a structured, commonly used, machine-readable format or have it transmitted to another controller.

  • The right to withdraw consent: Where processing is based on your consent, you can withdraw this consent at any time, without affecting the lawfulness of processing before withdrawal.

  • The right to lodge a complaint: You have the right to file a complaint with a supervisory authority if you believe your data are not being handled in accordance with data protection laws.

To exercise your rights or for any privacy-related questions, please contact us at the details provided in this privacy policy.