This data privacy policy describes how we process data from the usage of our products.

If you are looking for our data privacy policy when visiting one of our websites, please head over here.

This privacy policy describes how addcraft GmbH, Viktoriaplatz 12, 64293 Darmstadt, Germany (“addcraft”) protects and makes use of the information you give addcraft when you use one of addcrafts software products.

This document describes our general policy. Each product has a unique amendment to this policy and offers a concise summary of the data processed to help you in your auditing process.

The unique amendments can be found at our overview of App Function Descriptions.

By using our products, you are consenting to the collection, use, disclosure and transfer of the information as described in this privacy statement. If you do not consent, you cannot use our products.

Name and address of the controller

For any data you transfer to us by interacting with one of our products, the controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is the company addcraft GmbH - see our imprint for contact and address details.

Data protection office

To review and update your personal information to ensure it is accurate, contact our data protection office.

In case you have questions about our data privacy policy, feel free to contact our data protection office via our central dispatching mail address hello@addcraft.io.

Data collected from operating a cloud product

When using an addcraft cloud product, some of the data processing is performed on servers operated by addcraft. For details about which data is processed per product, see the individual product amendment.

Licensing information for cloud products

We store the data provided by Atlassian about your Atlassian cloud product installation and the add-on installation, including the URL of your Cloud Instances, the Identification of your add-on purchase etc.

This data is used to:

  • Validate that your use of the add-on is legit.

  • Create anonymous statistics about the number of installations and their software versions.

Web Logs

As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our cloud products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information.

The URLs you accessed (and therefore included in our log files) may include informations about your Atlassian cloud systems like:

  • paths of your Confluence pages

  • Confluence space names and keys

  • Jira issue keys

as necessary for our product to perform the requested operations.

Occasionally, we may use the information from web logs to process your service portal request and diagnose individual service quality.

Hosting by AWS in Frankfurt, Germany

Our cloud products are operated by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, Washington 98109-5210, USA (“AWS”).

All customer data is stored in a data center operated by AWS in Frankfurt, Germany. The german law applies. Data processing is governed by a DPA between addcraft and AWS. To learn more about how AWS processes your data while delivering our products, see the AWS Data Protection Website.

Cookies

Our products use cookies. Cookies are text files that are stored in a computer system via an Internet browser. They enable our software to identify your computer as you make requests to our product.

Cookies allow applications to store your preferences in order to present content, options or functions that are specific to you. In our products, we use cookies to:

  • Perform mandatory functions of the product like saving your preferences and performing identity and security management.

  • Perform optional product analytics functions - see the section “Data collected for product analytics” for details. You can disable these optional functions.

You can use your web browser's cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our software functions. Some pages and services may become unavailable to you.

Unless you have changed your browser to refuse cookies, our software will issue cookies when you visit it.

Data collected when we give you support

Our service portal, reachable at https://addcraft.atlassian.net/servicedesk/customer/portals, is operated by Atlassian Pty Ltd (“Atlassian”) on our behalf. Atlassian acts as our data processor, the processing is governed by an Data Processing Agreement between addcraft and Atlassian.

When using the service portal

When you visit the service portal, Atlassian collects data about you as described in their privacy policy and their cookies and tracking notice.

When you communicate with us using the service portal, you may submit personal data in the request form. This data is stored and processed on our behalf by Atlassian, as described in their privacy policy. Additionally, it may be sent to addcraft employees via email.

Email communication

Our email infrastructure is operated by Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).

If you send us emails or interact with our service portal, at least parts of the information you sent is stored and processed by Microsoft on our behalf. The data is stored in accordance with german commercial law: we will not delete our electronic communication data within 10 years of receiving.

The relevant legal basis is point (b) of Article 6(1) GDPR – we need to process and store the emails you sent to be able to respond to your enquiry.

Data collected for product analytics

Usage statistics via Google Analytics

To gain an understanding about how our products are used, we use Google Analytics in our products. This is a service for the analysis of accesses to web applications of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Google Analytics"). Using cookies, Google Analytics stores and processes the following information:

  • Type of Internet browser used

  • Internet browser version

  • Your operating system

  • Referrer (previously visited website)

  • Your abbreviated IP address

  • Time of the server request

We use the Google Analytics function to render your IP address anonymous before saving or processing. Your IP address usually is abbreviated within the European Union/EEA and only then transmitted to Google servers in the USA. Your information will be processed pseudonymously. The reports include:

  • Number of uses of certain product features

  • Duration of the usage of certain product features

  • Quantity and timing of certain features

Google Analytics data processing is optional

This data is only transferred to Google if the analytics feature of our product is activated in the admin area. Additionally, you have multiple options to prevent data transfer to Google:

  • You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing such data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

  • You can prevent cookies from being saved either directly in your browser settings.

Crash reporting via Sentry

We use the product Sentry from Functional Software, Inc. d/b/a Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA (“Sentry”) to analyze and debug crashes and exceptions that happen in our products.

In the event of a crash or unhandled exception in one of our products, the product collects technical information about the event like

  • the part of our program code the event happened

  • the circumstances under which the event happened

  • environment information

and sends this information to Sentry, where it is stored. We use this data exclusively to diagnose malfunctions and thereby raise the quality of our products.

In rare cases it is possible that this crash data accidentally contains personally identifiable information of an end user. Sentry takes precautions to remove such data automatically by anonymizing it. In the very rare case that such information is included in the crash data and is not automatically removed, our team is trained to remove this information from the crash data as soon as it is discovered.

On server and data center, crash reporting is mostly optional

On server and data center variants of our products, data transfer to Sentry is optional and can be disabled in the admin area of the product.

However, if a crash occurs in the startup phase of the product before the product was able to determine whether crash reporting is enabled or disabled, the crash will be reported by default.

Data collected around your product purchase

Contact data provided via the Atlassian Marketplace transaction

Contact data provided by the Atlassian Marketplace over the course of purchasing a license for our product will be filed and evaluated. This data will be used:

  • to generate sales reports and statistics that help us determine how we are doing

  • to send emails with relevant information about the usage of our product and further informations about the setup of the product to you.

The relevant legal basis is point (b) of Article 6(1) GDPR and the existing EULA between Atlassian and you, governing your usage of the Atlassian Marketplace.

The contact data we receive from the Atlassian Marketplace contains only some contact data for technical and billing contacts that were involved in the purchasement process. No end user data is included or used.

Usage of Hubspot for email delivery

To send you these emails and provide you with an unsubscribe functionality, we use the HubSpot marketing automation software of the American company Hubspot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter referred to as “Hubspot”). Hubspot is an integrated software solution by which we cover different aspects of our digital marketing, sales and customer relation management.

Further data that might be collected in the course of the email communication:

  • Every email contains a link to a preference page on which you can specify your interests (e.g. marketing information, events) in order that we can provide you with subject-relevant information.

The personal data which you provide, e.g. when using a hubspot-based contact form or subscribing to our newsletter or purchasing a license in the Atlassian Marketplace that in turn is reported to us via the Marketplace API, are stored on the servers of our software partner HubSpot. The data processing is governed by a DPA between addcraft and Hubspot.

Your personal data will exclusively be used for our communication with you, our customer, and will not be passed on to any unauthorized third parties. The data will be stored in our marketing automation tool Hubspot for as long as the subscription is active.

You always have the possibility to withdraw your consent to the processing of your data. Every emailcontains an unsubscribe link. Furthermore you can always send an email to hello@addcraft.io and inform us of your withdrawal. All personal data stored in the course of the subscription will immediately be deleted in the event of withdrawal of the consent to data processing and simultaneous application for erasure of data.

More information about Hubspot

Any information gathered by us is subject to this Data Privacy Statement. HubSpot is certified under the terms of the "EU - U.S. Privacy Shield Frameworks" and is subject to the TRUSTe's Privacy Seal as well as "U.S. - Swiss Safe Harbor" framework. This means that any processing of personal data by certified companies in the non-European region conforms to European data protection standards.

  • More information on HubSpot’s data protection regulations can be found here.

  • More information by HubSpot regarding the EU data protection regulations can be found here.

  • More information on the cookies used by HubSpot can be found here.

Other information

Changes to this data privacy policy

We may update this privacy statement to reflect changes to our information practices. If we make any material changes we may notify you by showing an information on the websites (where technically feasible). We encourage you to periodically review this page for the latest information on our privacy practices.

Other changes

If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We may notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Last revision

This document was last revised in January 2021.