Customer Data Retention, Deletion and Return Policy
Topics
Introduction
This document sets out our policy for responding to requests for deletion and return of data. This document explains the rights of the data subject in relation to data deletion, return and the responsibilities of Y2 ENGINEERING SP ZO.O. dba Release Management Apps (further through this policy - Release Management) in responding to such a request.
Default data retention policy
By default we do not automatically delete client data after
trial expires and client does not proceed with billable subscription
license expires and client does not renew with another payment & billable cycle
It means we welcome returning clients to the App and keep all the data & configuration settings to start all over again from the place people left us and do it fast.
We also do not store any confidential and/or personal data as outlined in our DPA so we see it as opportunity as opposed to potential threat.
In order to permanently delete and (optionally) return client data from our hosts a request for data deletion should be created.
What data is stored?
On our hosts we keep mainly “Release Management“ boards and configurations. This includes references (IDs) to some Jira entities and fields, like Project IDs, Version IDs, Issue IDs, Standard & Custom Field IDs, User & GroupIDs, Custom JQLs plus all the client data inserted into free text fields throughout the App.
Where is the data located?
As of September 14, 2024
All client data is stored in AWS (US, East)
Till September 14, 2024
All client data is stored in our documents store - a highly available cluster with 3x replica sets - in 3 locations - 2x Germany and 1x Finland.
Backups
Backups of our data store are regularly produced and stored in AWS (availability zone Germany).
Please also check our https://releasemanagement.atlassian.net/wiki/pages/createpage.action?spaceKey=ASPT&title=Sub-processors table.
How to request data deletion?
Only authorized people can request data deletion on the client behalf. This could be either the person (email) behind the commercial license issued or the person (email) behind the billing transaction executed.
Before requesting the deletion of data the client needs to assure that the license is expired and the App is uninstalled from client Jira instance.
The request should be submitted by authorized person (email) to our Service Desk Portal (https://releasemanagement.atlassian.net/servicedesk/customer/portal/11/group/16/create/53 ) or sent via support email (support@releasemanagement.app).
Requests should include unambiguous intention for client data to be deleted from our document store as well as backups.
Please also check Section 2.13 of the DPA and also “Duration of processing“ rows in the tables of Exhibit A, Part A and Exhibit A, Part B.
What are the timeframes for data deletion?
Upon confirmation of receiving your request (up to 24 hours) it might take up to 30 days to process your request and confirm that data has been deleted permanently plus sending you a copy (if requested).
Can I restore the data after deletion if I changed my mind?
No, this is not supported.
Tip: Do you have any questions regarding our Policies and Controls?
Please feel free to reach out to our support team.