Protecting your data and your privacy is a high priority and is very important to us. Subroutine adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information "Personal Data").
Subroutine provides hosted services ("Cloud Apps") for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework ("Atlassian Connect"). Cloud Apps can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing.
In the following all data created by an Atlassian Cloud end user and stored within the Atlassian Product are defined as "Customer Data".
We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are updated from time to time in order to remain state-of-the-art. If your are interested in our data security concept please contact us.
Unless otherwise stated below our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.
Exceptions applying to all Cloud Apps:
- Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance. This includes for example AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId. Account Data is deleted at the latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
- Session Data: Our Cloud Apps store data resulting from the customer' use of the service and is distinguished from Customer Uploaded Data. This includes for example usage statistics of service functionality such as the total number of exports per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operation Data.
- Support Data: Our Cloud Apps may offer a problem report functionality which can be triggered in the respective Apps. If a Cloud App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (e.g. Account Data, Operation Data, Customer Uploaded Data) from our systems and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the same data location that executed the operation, but also downloaded to our own IT-system by a member of our support team. The data is usually deleted as soon as it is not longer required for providing the service, however, latest 180 days after the customer unsubscribed from the service (see below section "End of Subscription").
- Real-time Error Tracking Data: Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
- Product Analytics Data: Our Cloud Apps track user behavior to allow better product decisions based on these insights. This includes for example usage of service features such as how often certain features are used and how they are used. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service.
Access to Customer Data
Only authorized Subroutine employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to us.
End of subscription
If a customer unsubscribes from our Cloud App we mark stored Customer Data, for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However the customer can contact us to ask for an earlier deletion.