Versions Compared

Old Version 1

changes.mady.by.user Anna Odrynska

Saved on

compared with

New Version 2

changes.mady.by.user Anna Odrynska

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The aim of this documentation is to cover all of the relevant information about the Data Security & Privacy Statement of Alpha Serve to help our customers see clearly what we do and really don't do with their data.

Introduction

Protecting your data and your privacy is our highest priority and is very important for us. Alpha Serve adheres to a strict policy for ensuring the security and privacy of your data, in particular, your personal information (such as full name, address, email address, and/or other identifiable information, collectively such personally identifiable information Personal Data).

This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for Shopify Apps.

In the following, all data created by a Shopify App end-user are defined as Customer Data.

Data Security and Privacy of Our Apps

We support the latest technical and organizational measures to ensure data security, in particular, to protect your Personal Data. These measures are updated on a regular basis to stay up to date. We would like to draw your attention to the fact that security gaps are possible when transmitting data on the Internet, and it is impossible to ensure complete protection of data from unauthorized or malicious access by third parties. If you are interested in our data protection concept, please contact us.

We draw your attention to the fact that we do not collect, store or process any personal/ confidential information in applications suitable for Atlassian products, nor do we collect, store or process any analytical or tracking data, but nor do we place cookies or tracking beacons in any applications suitable for Atlassian products.

For several applications, we use the option to include YouTube videos to the AppStore product pages, allowed by Shopify. All the videos used on the mentioned pages are stored on www.YouTube.com. In general, this means that some of your user data can be transmitted when you are playing these videos. We are not able to influence or prevent this data transfer. If you don’t want this data transfer, avoid playing the videos.

We may use the option of Google Analytics integration to our AppStore product pages, allowed by Shopify. Please, note that all such information is anonymized, no personal data can be received or identified. We may use this information to analyze user experience for continuous product improvement.

Some of our applications depend on the use of personal data, such as usernames and email addresses. All this information is used by the application for internal functional purposes only. Please, pay special attention that the app does not collect, process or store any commercial data of the customer. 

The following data only is being processed on our side:

  • Shopify shop id

  • myshopify_domain

  • Shopify Access Token to make requests to the Shopify API

Some of our applications depend on the use of personal data, such as usernames and email addresses.We do not collect, process or store any personal data, except the data provided to Shopify during licence purchase (company name, myshopify_domain, Shopify plan, contact email, contact phone number, country name). This data is stored by Shopify, not by Alpha Serve.

We draw your attention to the fact that we do not collect, store or process any personal/confidential information in applications, nor do we collect, store or process any analytical or tracking data, but nor do we place cookies or tracking beacons in any applications.

Data Access

We support the latest technical and organizational measures to ensure data security. These measures are updated on a regular basis to stay up to date. We would like to draw your attention to the fact that security gaps are possible when transmitting data on the Internet, and it is impossible to ensure complete protection of data from unauthorized or malicious access by third parties.

Only authorized Alpha Serve employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to us.

Data Hosting

All the customer data is hosted, stored and processed by Shopify.

Our apps create a request for data based on parameters provided by the customer parameters. Shopify prepares a dataset and provides it via URL to Alpha Serve. The app uses the URL to provide the requested data to the customer. Thus, Alpha Serve does not store or process your data, we just transfer it. You can find more about it here.


We store the URL only, which is valid for a week only. Currently, we are changing the approach to the data storage to make the encryption more secure and will finalise this in the nearest weeks. 

Customer Payment Data

Storage Terms

The Product stores the following personal data in its database:

  • connection details to SMTP servers including the username and passwords necessary to authenticate by the remote mail server. SMTP Connection passwords are encrypted with industry-standard strong encryption.

Process Email Addresses Terms

We do not store user email addresses and always retrieve current user data at the time of use using Atlassian APIs. We do not use email addresses in the UI, as described in Designing for profile visibility. We share email addresses only with the SMTP server, that required to provide the service to the end-user. If the user is selected as the recipient of the email, we use the email address to send a message to the SMTP server. This is the main use case of our application.

Backups

This section explains our backup and recovery policy for customer data:

  • Our backup data is securely stored, unauthorized access to backup data is not possible.

  • We back up at least once a day, and we keep the backups.

Please read the documentation of the product for further details

Billing Data Storage Terms

All the customer payments for the app are processed via Shopify. We are not a part of this process.

Our app does not collect any payment information about the users.

We may store your billing information (company name, tax codes, bank details, country, contacts of the involved Atlassian partner) only to fulfil the requirements of the local tax legislation. We are not able to influence this data storage.

Application and Infrastructure Security

This section explains the security measures we've taken in our application and infrastructure:

  • Alpha Serve support team accesses addon data only for the purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes.

  • Customers are responsible for maintaining the security of their own Confluence and Jira Cloud login information.

  • Communication between the Cloud products and the AddOn server is done using web requests. All web requests are encrypted, digitally signed, authenticated and authorized.

  • AddOn server is only accessible through secure protocols (e.g. https).

Please read the documentation of the product for further details.

Customers of Our Apps

By purchasing a commercial or academic license, our customers accept the following:

  • Alpha Serve will receive personal information of the technical person from Atlassian.

  • Alpha Serve will retain all personal information that is shared by Atlassian with Alpha Serve (Atlassian's policy on sharing personal information).

  • Alpha Serve will retain personal information during the active maintenance period and after the expiration of the last maintenance period.

    • Alpha Serve may send emails containing product news, tips, best practices, webinar or training details, event-related information. To comply with GDPR regulations, customers can request the removal, rectification or review of their own personal information stored in the support system by sending an email to support@alpha-serve

    .

    com or by clicking the unsubscribe link in the emails received.Access to Customer Data

    Only authorized Alpha Serve employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to Alpha Serve.

    Subcontractors

    Our subcontractors are:

    • Amazon (Amazon.com, Inc.), is an American multinational technology company based in Seattle, Washington. Our Cloud Apps are hosted on Amazon Platform in Oregon, USA. The Amazon privacy statement can be found here.

    • Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of our Cloud Apps' resources executed in the end-users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.

    End of subscription

    If a customer unsubscribes from our Cloud App we mark stored Customer Data for deletion. However, the customer can contact us to ask for immediate manual deletion.

    SERVER & DATA CENTER APPS

    Data Storage

    Unless otherwise stated below our Server and Data Center Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian On-Premise Product.

    Exceptions applying to all Server and Data Center Apps:

    • Support Data: Our Apps may offer a problem report functionality which can be triggered in the respective Apps. If an App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (Support ZIP) from the customers' system and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the support system, but also downloaded to our own IT-system by a member of our support team. The same applies to all data manually sent by the customer reporting an error to our support team.

    • Real-time Error Tracking Data: Our Apps may track errors of their resources executed in the end-users' browsers in real-time. This includes, for example, AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version, and operating system. It is exclusively used in order to improve our service.

    Data Storage Terms

    The Product stores the following personal data in its database:

    • connection details to SMTP servers including the username and passwords necessary to authenticate by the remote mail server. SMTP Connection passwords are encrypted with industry-standard strong encryption.

    Process Email Addresses

    Email Addresses Processing Terms

    We do not store user email addresses and always retrieve current user data at the time of use using Atlassian APIs. We do not use email addresses in the UI, as described in Designing for profile visibility. We share email addresses only with the SMTP server, that required to provide the service to the end-user. If the user is selected as the recipient of the email, we use the email address to send a message to the SMTP server. This is the main use case of our application.

    Backups

    This section explains our backup and recovery policy for customer data:

    • Our backup data is securely stored, unauthorized access to backup data is not possible.

    • We back up at least once a day, and we keep the backups.

    Please read the documentation of the product for further details

    Billing Data Storage Terms

    We may store your billing information (company name, tax codes, bank details, country, contacts of the involved Atlassian partner) to fulfil the requirements of the local tax legislation. We are not able to influence this data storage.

    Application and Infrastructure Security

    This section explains the security measures we've taken in our application and infrastructure:

    • Alpha Serve support team accesses addon data only for the purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes.

    • Customers are responsible for maintaining the security of their own Jira login information.

    • AddOn server is only accessible through secure protocols (e.g. https).

    Please read the documentation of the product for further details.

    Customers of Our Apps

    By purchasing a commercial or academic an app license, our customers accept the following:

    • Alpha Serve will receive personal information of the technical person from Atlassian.

    • Alpha Serve will retain all personal information that is shared by Atlassian with Alpha Serve (please, check Atlassian's policy on sharing personal information for more details).

    • Alpha Serve will retain personal information may process personal information during the active maintenance period and after the expiration of the last maintenance period.

    • Alpha Serve may send emails containing product news, tips, best practices, webinar or training details, event-related information.

    • To comply with GDPR regulations, customers can request the removal, rectification or review of their own personal information stored in the support system by sending an email to support@alpha-serve.com or by clicking the unsubscribe link in the emails received.

    Access to Customer Data

    Only authorized Alpha Serve employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to Alpha Serve.

    Licence Termination

    If a customer does not renew the purchased licence after expiration, we mark stored Customer Data for deletion. However, the customer can contact us to ask for immediate manual deletion.

     
    Info

    Remember that you have an option to test the app performance and functionality on the development stores to be sure about its security and work.