No. All user PII data is anonymized by Jira, and as a plugin, we just deal with user IDs that are associated with users that is assigned by Jira.
Yes. No personally identifiable information (PII) is stored. Zephyr Squad only stores user identifiers, and any user information displayed in the app comes from Jira. For more information, see SmartBear Privacy Policy.
We do not extract any data from Jira other than issue links to the test cases. The rest of the data is specific to Zephyr and is stored in Zephyr Squad Cloud.
Zephyr Squad has access to the Jira issue type of type “Test” and all its related fields.
We store all of the data regarding Zephyr Squad: test cases, plans, cycles, executions, and custom fields.
In terms of the Jira data, we do not store anything except for Jira issue IDs to create trace links, Jira project IDs and keys, the IDs of users as well as the tenant information that allows us to make calls to Jira (including the tenant secret). There is no way to restrict it.
All the Zephyr-related data is stored in Zephyr Squad Cloud, there is no way to restrict access to this data storage as it’s critical to the entire application workflow
We are hosted completely on AWS, and our data centers are currently located in the US. More regions will be supported in the future, and we’ll aim to support the same regions as Jira, following Atlassian’s public roadmap for supporting data residency for apps.
Yes, we maintain an audit log of the infrastructure changes for 6 months.
We store the customer data for 6 months after the subscription has expired so that customers can continue with the application where they left off once they renew the license. We do have a process to completely delete the customer data from our systems.
We have provisioned production access to only the DevOps teams and no one else. The DevOps teams have access to the Zephyr Squad application data, but no PII data. All production access is logged and periodically audited for any unauthorized access of the production systems.