Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Data Protection Statement
Privacy Policy
Protecting your personal data is very important to us. This is why we believe in the principle of data avoidance. All information on our web site is available to you without the need to provide any personal data. Only if you require assistance and open a support ticket or book a screen share session, personal data such as your name and email address is recorded, and it is only used for getting in touch with you, sorting out your problem, and following up thereafter. By providing these details to us, you agree that we use this data for these purposes.
We store your data on servers in the European Union and in the United States of America, and we do not pass them on to anyone, except if we receive a request for information from competent authorities, or if we have requested and received your explicit permission.
Your data is stored in a secured environment, and all transmission while you provide your details to us or while we are processing them is encrypted (except if you choose not to use encryption when visiting our web site). There is of course no such thing as absolute security.
Legal basis of this Data Protection Statement is the European General Data Protection Regulation EU GDP
Definitions
We want you to be able to understand what we write, and we therefore use terms in accordance with the DS-GVO, defined as follows.
Personal Data
All information related to an identified or identifiable natural person, e.g. name, address, phone number or email address.
Affected person
An individual whose personal data is stored and processed by us.
Data processing
Any procedure (collection, storage, modification, extraction, use, or deletion) that makes use of your personal data.
Responsible person
Natural or legal person making decisions about the processing of your data. In our case, this is the board of directors of the company.
Consent
By providing your personal data to us, you give consent to process your data in accordance with this Data Protection Statement. We do not acquire personal data from sources other than yourself.
Log data
Log data are automatically collected and stored records of activity and exceptional events. Some cloud-based apps may write log data, but it will not contain any personal data. Log data is also recorded when you use our web site, and even though no personal data is contained in these records, it may be possible to attribute such records with personal data if you are accessing our support web site. These records are only collected for diagnostic purposes; they are kept for a few days at most. The same holds true for debugging output of our servers and their software.
Entitled Authorities
Authorities of the Federal Republic of Germany who are entitled by law to request information from us about your personal data.
Name and address of responsible person
Responsible person in terms of the Data Protection Regulation and other data protection laws and regulations within the jurisdiction of the European Union is the board of directors. You may contact us at:
resolution Reichert Network Solutions GmbH
Oklahomastr. 14
66482 Zweibrücken
Germany
privacy@resolution.deCookies
Cookies are small texts that web sites offer to your web browser and that your web browser stores locally on your system, that are sent again to these web sites with the next request by your browser. We use cookies for tracking purposes while you are accessing our web sites. These cookies only contain random texts without any particular meaning, and preference data. All cookies used by us only have a short lifespan (several days at most); after this period, your browser will not transmit them to us anymore, and the browser will normally delete them. Our use of cookies is limited to our own web site.
Cookies are also used with Google Analytics and Google Tag Manager. Please refer to Google's privacy policy. Google also provides means to opt-out of Google Analytics tracking.
Most, if not all, web browsers offer functionality that lets you limit the use of cookies, and edit and delete them. We advise that while you are of course free to make use of such functionality, it will likely interfer with the proper function of our web site if you do.
Log data of our web site
While you are using our web site, each access to elements on it will be logged. We record a time stamp, the source IP address, what has been accessed, as well as your web browser's and your operating system's make and version, if provided by your web browser. We also record the so-called referer (i.e. the web page you came from) if sent by your browser. While you are logged in to our web site, your account name is logged along with these data. No personal data other than this is contained in the web server log.
The log is only used for analyzing bugs and problems, and for defensive purposes. No-one outside the company (except for entitled authorities on request) has access to this log. All log records are automatically deleted after a few days.
Debugging output of servers, programs, and scripts
It is possible that debug output of programs and scripts on our servers contains personal data (but this will be limited to names and email addresses). Only very few people have access to this debug output. Such output is only used for debugging purposes. No-one outside the company (except entitled authorities) is given access to debug output, and all such output is deleted automatically after several days.
Google Analytics, Google Tag Manager
We make use of Google Tag Manager (GTM). GTM does not collect any personal data. It is a tool that facilitates the integration and management of our tags. Tags are small code elements that are used to measure traffic and site visitor beavior, and they also permit measurement of the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize our web site. We use GTM only for Google Analytics and GA Audiences.
Our web sites use Google Analytics and Google Remarketing. These services are provided by Google Inc. (“Google”). Use of these services involves the use of cookies. These cookies only contain a randomly generated identification. Google stores all data obtained through Google Analytics on servers in the United States of America. IP address records are trimmed, making it impossible to associate such data to a person. Furthermore, Google observes the data protection regulations of the "U.S. Safe Harbor" Agreement and is registered with the U.S. Department of Commerce’s "Safe Harbor" program.
Google uses this information, by order of resolution Reichert Network Solutions GmbH, to evaluate the use of the web site, to create reports on web site activity for resolution Reichert Network Solutions GmbH, and to provide further services related to web site and Internet use. Google only forwards this information to third parties if this is stipulated by law or if such third parties process the information on behalf of Google. Third-party providers, including Google, use the cookies stored in order to publish advertisements on the basis of a user’s previous visits to this web site.
By using our web sites you declare that you agree to the processing of recorded data as described above and for the purposes specified above. Furthermore, we use Google Analytics in order to obtain data from AdWords for statistic analysis.
Google provides tools for opting out. Please refer to https://www.google.com/policies/privacy/ads/. We advise you, however, that such deactivation may prevent your intended use of all the functionality of our web sites. If you do not wish us to track information about your visit to our web site, you may deactivate this in the Ads Preference Manager at https://www.google.com/settings/ads/onweb/ or at https://www.google.com/settings/ads/anonymous.
Your rights as an affected person
Right of verification
You are entitled to require verification whether or not your personal data is stored and processed by us. However, you may assume that this is only the case if you have provided these data to us when requesting support or have otherwise contacted us.
If you still require information from us, please contact us. We are here to help!
Right of information
You are, of course, entitled to request information from us about your personal data that we store and process. Rest assured, though, that this will be no other data than details you have provided to us.
Regardless, affected persons may request information about:
Reasons for processing
Categories of personal data that are processed
Who has access to your personal data
Retention periods
Your right to correct or delete personal data
Your right to object or limit processing of personal data
Your right to complain to regulating authorities
Source of data, if not provided by the affected person
We believe that we are providing answers to all these informatory rights, but you may of course request such information from us.
Right of correction
Have you noticed that we have mis-spelled your name or that something else we have recorded about you is not correct? Let us know, and we will fix it.
Right of deletion ("right to be forgotten")
If you would like us to delete all personal data we have recorded during customer support activity, just let us know. You need to understand, however, that we will no longer be able to assist you in this case.
Right of limited processing
We only store very little personal data. If there is something you would not like us to further store and process, please let us know. It may mean, however, that we need to delete all your personal data with all consequences.
Right of data transferral
We do not have any data records in transferrable form. If you would like us to provide all personal data we have on record about you, we can only do this in free-text form.
Right of objection
You may object to processing of your personal data. This is most easily done by not providing those details to us in the first place, or by requesting deletion of your personal data.
Automated decisions, including profiling
We do not perform any kind of profiling or automated decision-making. However, DoS defense mechanisms may interfere with your access to resources like our web pages when we are under attack. Don't take it personally, because it isn't meant that way.
Revocation of consent
You consent that we store and process your personal data by providing these data. This implicit consent is of course revocable. Please note however that this is likely equal to requesting deletion of all your personal data.
App-specific information
Vanity URL
All data relating to the configuration the user puts in (short URL, long URL, anchor, note), is stored on customer premises. If the user activates the recording of access events, this data is stored on the user site too. I contains the accessor's anonymized IP address, their user agent and the page they accessed. This option is disabled by default. The app does not establish contact with anything outside of the Confluence system(s) it is installed on.
Cloud apps (Embed Series of Apps for Confluence & Jira)
The apps are run on servers provided by Amazon Web Services (AWS) in the USA.For regular operations, logs contain some anonymized metadata about operations. In case of program errors, logs are more detailed and may contain personal information. These logs are only used to debug the apps and can only be accessed by the cloud admins (i.e. specific people within resolution GmbH). Logs are within AWS Cloudwatch in the same region as the App itself. These logs are retained for a maximum of one Year.
Data learned by the apps during their operation that is not needed for their proper function (e.g. messages that were scanned for relevant triggers but that didn't contain any) is immediately discarded.
Some of our apps request access to user data (name, email). Such data is never used outside of the context of the apps and is also never stored in any database. It is always requested from Atlassian services ad-hoc.
All configuration data and data necessary to run the apps which need to be saved for a short time (e.g. the access tokens for 3rd Party Services, Settings for the IFrames to be displayed) are stored in Amazon AWS RDS Databases. Access to these databases is restricted to the cloud admins, but it may be accessed by support personnel while dealing with support cases and for analytics purposes. An example for such data is anything that's entered into the configuration interface, as well as (due to a technical problem in the API) the site name.
There is also some more App-specific related information on the Links below:
Cloud apps (Out of Office Assistant, Google Analytics)
The apps are run on servers provided by Heroku (a Salesforce company) in the USA.
For regular operation, logs contain some anonymized metadata about operations. In case of program errors, logs are more detailed and may contain personal information. These logs are only used to debug the apps and can only be accessed by the cloud admins (i.e. specific people within resolution GmbH). Logs are hosted on Papertrail by SolarWinds in the USA and retained for up to 1 year. An example of such data is the text of messages that caused the issue and the error that occurred, e.g. a message that encountered a conversion error in Joint Rooms.
Data learned by the apps during their operation that is not needed for their proper function (e.g. messages that were scanned for relevant triggers but that didn't contain any) is immediately discarded.
Some of our apps request access to user data (name, email). Such data is never used outside of the context of the apps and is also never stored in any database. It is always requested from Atlassian services ad-hoc. An example would be the names that need to be transmitted during operation of Joint Rooms or in the outgoing webhooks in Unified Webhooks.
For our Stride apps, all configuration data and data necessary to run the apps which needs to be saved for a short time (e.g. the room codes for Joint Rooms or temporarily cached site information) are also stored in mLab databases. Access to these databases is restricted to the cloud admins, but it may be accessed by support personnel while dealing with support cases and for analytics purposes. An example for such data is anything that's entered into the configuration interface, as well as (due to a technical problem in the API) the site name.
Data storage for Google Analytics for Confluence and Out of Office for Jira Cloud happens on the instances they are installed on, with the exception of authorization data for those instances. This authorization data is stored in databases provided by mLab and hosted by Heroku in the USA. The authorization data consists of randomly generated secrets that are shared between Atlassian and our apps.
There is additional information available for our cloud apps:
In-App Analytics
Data Center and Server Apps
As app developers, we constantly look for ways to improve our products. Anonymous data on how some of our key features are configured, is one of the most valuable tools to help us do this.
We collect a small amount of anonymized configuration data from our SAML Single Sign-On Products Applications we offer on the Atlassian Marketplace.
This data helps us understand which features are important to you and allow us to focus our development on adding to or improving those features.
Our analytics setting defaults to the same as your overall Atlassian Analytics setting. However, you can always opt-out of sharing data with us specifically by going to our app’s settings page.Within the App you can preview what would be sent to us if you are interested. It’s also designed so that it does not contain information regarding users, logins, passwords, email addresses, company-related content, or any other type of personal data.
Its sole purpose is to provide a statistical analysis of the feature configuration in our app. The collection of such data is thus not governed by the GDPR.
Find more detailed information on a per App basis:
SAML Single Sign On (Jira, Confluence, Bitbucket, Bamboo)
List of cookies that may be set on our site
Name | Domain | Purpose |
---|---|---|
IDE | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. | |
1P_JAR | Google Ads Optimization - Provides ad delivery or retargeting. | |
AEC | ‘AEC’ cookies ensure that requests within a browsing session are made by the user, and not by other sites. | |
NID | The ‘NID’ cookie is used to show Google ads in Google services for signed-out users | |
SOCS | Is also used to store a user’s state regarding their cookies choices | |
AnalyticsSyncHistory | Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries | |
bcookie | Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform | |
li_gc | Used to store consent of guests regarding the use of cookies for non-essential purposes | |
lidc | To optimize data center selection (.linkedin.com ) | |
UserMatchHistory | Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. | |
zc_loc | .maillist-manage.eu | Collects information on user preferences and/or interaction with web-campaign content |
_fbp | This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. | |
_ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | |
_gcl_au | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. | |
_gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form. | |
resolution-_zldp | This cookie identifies the unique visitors for the website | |
resolution-_zldt | This cookie identifies unique visits for a visitor in the website | |
CONSENT | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. | |
VISITOR_INFO1_LIVE | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. | |
YSC | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. | |
csr* / *csr* / *csr | Zoho cookie. Used to prevent (CSRF) Cross Site Request Forgery attack | |
cookieconsent_status_advertisement | Stores information about Cookie Consent choices made | |
cookieconsent_status_analytics | Stores information about Cookie Consent choices made | |
cookieconsent_status_other | Stores information about Cookie Consent choices made | |
hasSeenCookiePopUp | Stores information about Cookie Consent choices made | |
JSESSIONID | This cookie is generated by servlet containers like Tomcat and used for session management for the HTTP protocol | |
zabUserId | Used for identifying individual visitors along with the status of new and returning visitors. | |
zabVisitId | This cookie stores a unique visit key every time a user returns to the web page. Used for identifying every visit made by the user on the web page. | |
zc_consent | Zoho cookie. Collects information on user preferences and/or interaction with web-campaign content | |
zc_cu | Zoho cookie. Collects information on user preferences and/or interaction with web-campaign content – This is used on CRM-campaign-platform for promoting events or products. | |
zc_cu_exp | Zoho cookie. Collects information on user preferences and/or interaction with web-campaign content | |
zc_show | Zoho cookie. Collects information on user preferences and/or interaction with web-campaign content | |
zc_tp | Zoho cookie. Collects information on user preferences and/or interaction with web-campaign content | |
OTZ | The cookie also allows Google Ads and Google Analytics to compile information on visitors for marketing purposes | |
zft-sdc | Zoho cookie - Analytics | |
zsc* | Zoho cookie. The ZSC Key allows you to fetch data stored in Zoho CRM from other Zoho services. | |
zps-tgr-dts | This cookie stores the session's metadata on your website | |
zld"+<@lsid@>+"state | Zoho cookie. This cookie stores the minimization and maximization state of an embed on the website. | |
zab_fyFzMWt | Used for identifying individual visitors along with the status of new and returning visitors. | |
ZCAMPAIGN_CSRF_TOKEN | Used to prevent (CSRF) Cross Site Request Forgery attack | |
LS_CSRF_TOKEN | This cookie is used for security purposes in order to avoid Cross-Site Request Forgery, (CSRF) for the AJAX calls made by the visitor | |
ZCAMPAIGN_CSRF_TOKEN | Used to prevent (CSRF) Cross Site Request Forgery attack | |
uesign | This cookie is used to manage the security of the applications. | |
_GRECAPTCHA | reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis. |