How seriously does the Out of Office Assistant take customer privacy and security?

The Out of Office Assistant treats customer privacy and security very seriously and believes in full transparency around these issues.

Does the Out of Office Assistant share any customer data with third parties?

The Out of Office Assistant does not share customer data with third parties unless legally obligated, which has not been necessary to date.

For how long does the Out of Office Assistant retain customer data?

The app retains all personal data in its databases for a year after the last commercial interaction with the customer, which does not include outreach activities like emails.

What customer interactions are considered when determining the data retention period?

Interactions initiated by the customer with the app's support and marketing teams are considered, regardless of whether an evaluation or commercial license is active.

How can a customer request access to or deletion of their data held by the Out of Office Assistant?

By reaching out to our support team with a ticket here, detailing the url of the customer instance and the Atlassian user account ID.

Can customers opt out of data collection by the Out of Office Assistant?

Yes, they can. However, since Out of Office Assistant collects only the information that is strictly necessary for the functionality of the app, opposing to the use of personal information such as the Atlassian account ID will result in the loss of such functionality. Considering the network effects of the app, we recommend conducting a rigorous evaluation of whether such opposition is necessary.

How does the Out of Office Assistant comply with privacy regulations like GDPR?

Out of Office fully complies with GDPR regulations.

Further information: For more details, please access our Privacy Policy.

How is user data encrypted when using the Out of Office App?

Connect install credentials are stored in our MongoDB at AWS us-east-1 with encryption at rest. Cryptographic frameworks are used to secure data in transit over secure networks and data at rest. Passwords are not encrypted, since the app handles none.

Can users control who within the organization sees their Out of Office status?

Out of Office statuses are visible to any Jira user in the customer instance, not including JSM customers.

Exercise your rights: If you’re interested in restricting read-only access to Out of Office data, please raise a ticket with our support team here with the summary “restrict access to Out of Office data” and describe your use case. We’ll be happy to include your feedback as we further refine our roadmap.

How can I be sure my personal information is safe when using the Out of Office App?

In the first place, you must know that Out of Office Assistant, just as any other resolution app, is based on the principle of least privilege: we do not access or collect personal information, besides what is strictly necessary to offer the benefits of the app. For example, we don’t collect usernames, emails, or any other personal information besides the Atlassian account ID, which is necessary for the app’s automations to work. Secondly, everything we store, such as the Out of Office rules and the user generated content in Out of Office messages is encrypted both in transit and at rest, and is stored in secured Data Centers by our sub processors. Since we do not share any of your data with third parties, Out of Office Assistant is as secure as your Jira.

What security protocols are in place for the app's integration with external calendars?

The app’s integrations happen over the Out of Office Assistant publicly documented API.

Does the Out of Office App undergo regular security audits or assessments?

We are part of the Atlassian Bug Bounty program, which implies an ongoing scrutiny, every day, by independent security researchers.

Is data stored locally on devices or only on servers, and how is this secured?

The Out of Office Assistant for Jira Cloud stores minimal identifying information about user data. It retains the clientKey of the Jira Instance, a JWT keypair, and audit log entries (issue keys and ids, assignee account ids, changes made to issues). This data is stored to support the app's functionalities and encrypted. Full issue details are not stored. For billing and technical contacts, only the contact details provided to Atlassian are stored in their CRM system. This data is used for communication related to the app and is not shared with third parties. Personal data in their databases is removed or anonymized after a year of the last commercial interaction. Users can request access, transfer, or deletion of their data through specified channels.

In the event of a data breach, what protocols does the Out of Office App have in place?

Resolution GmbH will maintain an incident response plan and follow documented incident response policies including data breach notification to Data Controller without undue delay where a breach is known or reasonably suspected to affect Client Personal Data.

Are there logs or records of Out of Office activity and can these be audited?

The app does not have audit logs that can be accessed by admins within the Jira interface. If you’re interested in audit logs, please raise a ticket with our support team here with the summary “admin logs” and describe your use case. We’ll be happy to include your feedback as we further refine our roadmap.

How is user data from the Out of Office App protected from third-party tracking?

Out of Office data is not shared with any third parties.

Does the Out of Office App have a published privacy policy?

Please refer to resolution’s Privacy Policy and the specific section on Out of Office Assistant. Note that resolution apps in general avoid the collection and use of any personal data not needed for the functionality of the app, while personal data is used primarily for support and follow-up purposes.

How can I view or modify which data the Out of Office App collects about me?

To understand which information the Out of Office Assistant stores and how can you request to access, transfer, or delete your data, please refer to this link.

Can third parties view my Out of Office information through the app?

No. No third parties are able to view Out of Office information through the app, unless the customer takes the necessary steps to share information with third parties via the Out of Office API.

What measures are in place to ensure privacy when setting Out of Office statuses through the app?

Out of Office Assistant does not disclose the nature of the absence, nor does it support different status categories (sick leave, vacation, paid time off, etc.). This minimum information model ensures privacy by default.

Is anonymized data ever collected by the app, and how is it used?

Out of Office Assistant does not collect any anonymized user data. We may implement usage analytics in the future, but this will require an additional consent from every customer.

Are there any restrictions on data collection put forth by the app?

We try to store as little identifying information about your data (issues, projects etc) as possible in our database. Things we do store: The clientKey of your Jira Instance, A JWT keypair, Audit log entries. All the information about out of office rules is not stored on our servers but in the user data space of your Jira user. We advise to read Atlassian's Privacy Policy to better understand how your personal data will be stored in Jira and how you can exercise your rights.

Further reading: Out of Office - Data Storage Information.