Plugin Vault Privacy and Security Statement
Last Updated: January 25, 2025
Plugin Vault is committed to maintaining the privacy and security of our users’ data. This Privacy and Security Statement explains our practices for data collection, processing, and protection for all products developed for the Atlassian Marketplace, including Mention Groups for Jira.
Privacy Practices
1. Data Collection
We collect and process the following types of personal data:
- Email Addresses: Collected during product installation and usage for communication and support purposes.
- Usage Logs: Collected for analytics and improving product performance.
Data Sources: Data is gathered via Atlassian APIs.
Data Minimization: We only collect the data necessary to provide and improve our services.
2. Purpose and Legal Basis for Data Processing
- Customer Support: Data is processed under contractual necessity to provide effective support.
- Analytics: Processed under legitimate interests to improve product performance.
3. Data Sharing and Retention
- Third-Party Sharing: Data is shared with Atlassian as required for product functionality.
- International Transfers: Data may be transferred outside the EU/EEA in compliance with Atlassian’s Forge platform standards.
- Data Retention: Data is retained while the product is installed and deleted within 90 days of uninstallation.
4. User Rights
Users have the following rights under GDPR and CCPA:
- Access, correction, deletion, and portability of their data.
- California residents may also opt out of data sales and request details about collected data.
Data Requests: Contact privacy@pluginvault.dev to exercise your rights.
5. Cookies and Analytics
We use cookies and analytics tools such as Google Analytics and Atlassian Analytics to improve our services and gather insights.
Security Practices
1. Data Handling and Storage
- Security Measures: Data is encrypted and stored securely using Atlassian’s infrastructure and compliance frameworks.
- Access Controls: Least privilege access controls are implemented to ensure data protection.
2. Authentication and Permissions
- Authentication Mechanisms: We utilize Atlassian’s OAuth 2.0 and secure APIs for authentication.
- Role-Based Permissions: Permissions are inherited from Atlassian’s developer platform.
3. Secure Development Lifecycle (SDLC)
- Planning: Security risks are identified during design using threat modeling.
- Development: Adherence to coding best practices ensures secure code.
- Testing: Manual and automated testing identifies vulnerabilities.
- Deployment: Code is deployed only after thorough review and validation.
4. Incident Management
- Reporting Incidents: Users can report incidents to support@pluginvault.dev.
- Response and Notification: Incidents are promptly investigated, and users are notified of any data breaches as required by law.
5. Compliance with Regulations
Plugin Vault complies with GDPR, CCPA, and Canadian privacy laws, ensuring transparency and data protection.
6. User Communication
- Policy Updates: Updates to our privacy and security practices are reflected in this statement and communicated through a “Last Updated” section.
- Transparency: Users are prompted to review this policy during app installation.
If you have any questions about this statement, contact us at privacy@pluginvault.dev or support@pluginvault.dev.
