This document describes our general policy. Each product has a unique amendment to this policy and offers a concise summary of the data processed to help you in your auditing process.
The unique amendments can be found at our overview of App Function Descriptions.
By using our products, you are consenting to the collection, use, disclosure and transfer of the information as described in this privacy statement. If you do not consent, you cannot use our products.
Name and address of the controller
For any data you transfer to us by interacting with one of our products, the controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is the company addcraft GmbH - see our imprint for contact and address details.
Data protection office
To review and update your personal information to ensure it is accurate, contact our data protection office.
Data collected from operating a cloud product
When using an addcraft cloud product, some of the data processing is performed on servers operated by addcraft. For details about which data is processed per product, see the individual product amendment.
Licensing information for cloud products
We store the data provided by Atlassian about your Atlassian cloud product installation and the add-on installation, including the URL of your Cloud Instances, the Identification of your add-on purchase etc.
This data is used to:
Validate that your use of the add-on is legit.
Create anonymous statistics about the number of installations and their software versions.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our cloud products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information.
The URLs you accessed (and therefore included in our log files) may include informations about your Atlassian cloud systems like:
paths of your Confluence pages
Confluence space names and keys
Jira issue keys
as necessary for our product to perform the requested operations.
Occasionally, we may use the information from web logs to process your service portal request and diagnose individual service quality.
Hosting by AWS in Frankfurt, Germany
Our cloud products are operated by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, Washington 98109-5210, USA (“AWS”).
All customer data is stored in a data center operated by AWS in Frankfurt, Germany. The german law applies. Data processing is governed by a DPA between addcraft and AWS. To learn more about how AWS processes your data while delivering our products, see the AWS Data Protection Website.
Perform mandatory functions of the product like saving your preferences and performing identity and security management.
Perform optional product analytics functions - see the section “Data collected for product analytics” for details. You can disable these optional functions.
However, please note that doing this may affect how our software functions. Some pages and services may become unavailable to you.
Data collected when we give you support
Our service portal, reachable at https://addcraft.atlassian.net/servicedesk/customer/portals, is operated by Atlassian Pty Ltd (“Atlassian”) on our behalf. Atlassian acts as our data processor, the processing is governed by an Data Processing Agreement between addcraft and Atlassian.
When using the service portal
Our email infrastructure is operated by Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).
If you send us emails or interact with our service portal, at least parts of the information you sent is stored and processed by Microsoft on our behalf. The data is stored in accordance with german commercial law: we will not delete our electronic communication data within 10 years of receiving.
The relevant legal basis is point (b) of Article 6(1) GDPR – we need to process and store the emails you sent to be able to respond to your enquiry.
Data collected for product analytics
Usage statistics via Firebase
To gain an understanding about how our products are used, we use Firebase in our products. This is a service for the analysis of accesses to web applications of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Firebase"). Using cookies, Firebase stores and processes the following information:
Type of Internet browser used
Internet browser version
Your operating system
Referrer (previously visited website)
Your abbreviated IP address
Time of the server request
We use the Firebase function to render your IP address anonymous before saving or processing. Your IP address usually is abbreviated within the European Union/EEA and only then transmitted to Google servers in the USA. Your information will be processed pseudonymously. The reports include:
Number of uses of certain product features
Duration of the usage of certain product features
Quantity and timing of certain features
Firebase data processing is optional
This data is only transferred to Google if the analytics feature of our product is activated in the admin area. Additionally, you have multiple options to prevent data transfer to Google:
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing such data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
You can prevent cookies from being saved either directly in your browser settings.
Crash reporting via Sentry
We use the product Sentry from Functional Software, Inc. d/b/a Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA (“Sentry”) to analyze and debug crashes and exceptions that happen in our products.
In the event of a crash or unhandled exception in one of our products, the product collects technical information about the event like
the part of our program code the event happened
the circumstances under which the event happened
and sends this information to Sentry, where it is stored. We use this data exclusively to diagnose malfunctions and thereby raise the quality of our products.
In rare cases it is possible that this crash data accidentally contains personally identifiable information of an end user. Sentry takes precautions to remove such data automatically by anonymizing it. In the very rare case that such information is included in the crash data and is not automatically removed, our team is trained to remove this information from the crash data as soon as it is discovered.
On server and data center, crash reporting is mostly optional
On server and data center variants of our products, data transfer to Sentry is optional and can be disabled in the admin area of the product.
However, if a crash occurs in the startup phase of the product before the product was able to determine whether crash reporting is enabled or disabled, the crash will be reported by default.
Data collected around your product purchase
Contact data provided via the Atlassian Marketplace transaction
Contact data provided by the Atlassian Marketplace over the course of purchasing a license for our product will be filed and evaluated. This data will be used:
to generate sales reports and statistics that help us determine how we are doing
to send emails with relevant information about the usage of our product and further informations about the setup of the product to you.
The relevant legal basis is point (b) of Article 6(1) GDPR and the existing EULA between Atlassian and you, governing your usage of the Atlassian Marketplace.
The contact data we receive from the Atlassian Marketplace contains only some contact data for technical and billing contacts that were involved in the purchasement process. No end user data is included or used.
Usage of Hubspot for email delivery
To send you these emails and provide you with an unsubscribe functionality, we use the HubSpot marketing automation software of the American company Hubspot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter referred to as “Hubspot”). Hubspot is an integrated software solution by which we cover different aspects of our digital marketing, sales and customer relation management.
Further data that might be collected in the course of the email communication:
Every email contains a link to a preference page on which you can specify your interests (e.g. marketing information, events) in order that we can provide you with subject-relevant information.
The personal data which you provide, e.g. when using a hubspot-based contact form or subscribing to our newsletter or purchasing a license in the Atlassian Marketplace that in turn is reported to us via the Marketplace API, are stored on the servers of our software partner HubSpot. The data processing is governed by a DPA between addcraft and Hubspot.
Your personal data will exclusively be used for our communication with you, our customer, and will not be passed on to any unauthorized third parties. The data will be stored in our marketing automation tool Hubspot for as long as the subscription is active.
You always have the possibility to withdraw your consent to the processing of your data. Every emailcontains an unsubscribe link. Furthermore you can always send an email to firstname.lastname@example.org and inform us of your withdrawal. All personal data stored in the course of the subscription will immediately be deleted in the event of withdrawal of the consent to data processing and simultaneous application for erasure of data.
More information about Hubspot
Any information gathered by us is subject to this Data Privacy Statement. HubSpot is certified under the terms of the "EU - U.S. Privacy Shield Frameworks" and is subject to the TRUSTe's Privacy Seal as well as "U.S. - Swiss Safe Harbor" framework. This means that any processing of personal data by certified companies in the non-European region conforms to European data protection standards.
More information on HubSpot’s data protection regulations can be found here.
More information by HubSpot regarding the EU data protection regulations can be found here.
More information on the cookies used by HubSpot can be found here.
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we may notify you by showing an information on the websites (where technically feasible). We encourage you to periodically review this page for the latest information on our privacy practices.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We may notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
This document was last revised in January 2021.