Skip to main content
Skip table of contents

Security & Privacy

The Easy Agile team takes security seriously. For more information about Easy Agile’s company security practices including our SOC 2 Type II certification, visit trust.easyagile.com.

Security Vulnerability

We align with the Security Severity Levels published by Atlassian. As a Platinum Atlassian Marketplace Partner, we adhere to their security requirements for Cloud applications.

We participate in the Atlassian Marketplace Security Bug Bounty Program.

If you believe you have found or experienced a security vulnerability with an Easy Agile product or service please raise a security incident.

Jira Cloud

All of your Jira data (including issues, projects, and users) is kept in your Jira Cloud instance. Your Jira data is never stored by our cloud servers.

Our Jira Cloud apps require the following Atlassian Connect Permissions (Scopes): Read, Write, Delete, and Project Administration. Project Administration is needed for creating and updating Release versions.

As the product is delivered as a static, client-side add-on, the requests to read, create, or update Jira data are made by the account of the person using the addon.

We follow the Atlassian guidelines for security:

Easy Agile’s Cloud services are SOC 2 Type II certified. Download our SOC 2 report from trust.easyagile.com.

Error reporting

Easy Agile products use error reporting service BugSnag to assist us in providing higher-quality software and quickly diagnose errors that occur in Easy Agile code running in the browser. No data is ever transmitted from your Jira server(s). This information helps us quickly pinpoint issues to help quickly resolve support requests, or ship fixes before support requests are raised.

No Personally Identifiable Information (PII) is included in the BugSnag payload events sent.

Key points

  1. Only errors that originate from within Easy Agile code are transmitted.

  2. All business-sensitive information is redacted, such as:

    1. The URL of the Jira instance

    2. Any project keys

    3. Any issue keys

    4. Usernames or any other personally identifiable information

We include the app Entitlement Number or Support Entitlement Number (SEN) in analytics to improve your customer support experience. For example, in the event you experience an error and raise a support request, we can diagnose the problem quickly. We also collect an anonymous and random unique identifier for each browser session, this unique identifier (UUID) is not tied to, or seeded from, a user's personally identifiable information. 

Expand to see example
CODE
{
    "apiKey": "4c6a97b915700d2318f163d99f5a9323",
    "notifier": {
        "name": "Bugsnag JavaScript",
        "version": "6.5.2",
        "url": "https://github.com/bugsnag/bugsnag-js"
    },
    "events": [
        {
            "payloadVersion": "4",
            "exceptions": [
                {
                    "errorClass": "Error",
                    "message": "This is a test error being notified",
                    "stacktrace": [
                        {
                            "file": "https://<redacted>/server/bundled.eausm-server-app.js",
                            "lineNumber": 2,
                            "columnNumber": 2879909
                        },
                        {
                            "file": "https://<redacted>/server/bundled.eausm-server-app.js",
                            "lineNumber": 2,
                            "columnNumber": 2879770
                        }
                    ],
                    "type": "browserjs"
                }
            ],
            "severity": "warning",
            "unhandled": false,
            "severityReason": {
                "type": "handledException"
            },
            "app": {
                "releaseStage": "production",
                "version": "5.0.190"
            },
            "device": {
                "locale": "en-US",
                "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36",
                "time": "2020-08-14T03:49:11.401Z"
            },
            "context": "This is a test error being notified",
            "user": {},
            "metaData": {
                "deployment": "server",
                "jiraSoftwareVersion": "8.6.1",
                "pluginVersion": "6.1.0",
                "supportEntitlementNumber": "SEN-XXXXXXX",
                "uuid": "185c36dc-1a89-4f29-9c68-d5fd1ddf3fe7"
            },
            "request": {
                "url": "redacted"
            }
        }
    ]
}

How do I disable the in-app “Welcome” video and signup form?

Disabling modules including the Welcome screen is only available on Data Center versions of the app.

To disable the Product Intro, you will need to disable the ‘EA Product Intro’ module in the app. 

Here are steps to walk you through this process:

  1. Navigate to the 'Manage Apps' page under the Administrator menu

  2. Navigate to 'Easy Agile Programs' from your list under 'User-installed apps'

  3. To the right of the Programs listing, expand the 'Modules Enabled' dropdown

  4. Find 'EA Product Intro' from the list of modules, and select 'Disable'

Analytics

What analytics does Easy Agile Programs capture and why?

Easy Agile captures analytics events from our products so that we can better understand how they are being used, and identify opportunities for improvement. The analytics data captured is stored in a private analytics database hosted by Amazon Web Services in the United States of America. This data is also sent to Amplitude, a third-party analytics platform to query and visualize analytics data to make informed decisions about product development.

For more information on how Amplitude stores this data see here.

No Personally Identifiable Information is captured in our analytics events.

To improve your customer support experience, the analytics data we collect includes the license Support Entitlement Number (SEN). This is so that we can more quickly and accurately diagnose problems when you raise a support request. 

We also collect an anonymous and random unique identifier for each browser session. This unique identifier (UUID) is not tied to, or seeded from, personally identifiable information.

Example analytics event data we receive:

Add-on Key

SEN (Support Entitlement Number)

Action

Event Data

Timestamp

Version

com.easyagile.programs

SEN-XXXXXXX

eap-rendered

{"route": "/plugins/servlet/eap/program/:programId/increment/:incrementId", "boardType": null, "isConnect": false, "eapVersion": "1.0.4", "browserName": "Chrome", "jiraVersion": "8.5.1", "screenWidth": 1920, "windowWidth": 1920, "loadDuration": 18849, "projectCount": 0, "screenHeight": 1080, "windowHeight": 937, "browserVersion": "79", "estimationType": "n/a", "screenFormatted": "1920x1080", "windowFormatted": "1920x937", "completeLoadDuration": 18849}

2017-03-20 22:54:39.488+00

2.3.0

com.easyagile.programs

SEN-XXXXXXX

backlog-toggled

2017-03-20 22:53:22.433+00

1.2.3-AC

How do I disable the analytics events from Easy Agile Programs from being sent to Easy Agile?

Disabling modules including analytics is only available on Data Center versions of the app.

To disable analytics events being sent to us, you will need to disable the 'eap-load-analytics' module in the app. 

Here are steps to walk you through this process:

  1. Navigate to the 'Manage Apps' page under the Administrator menu

  2. Navigate to 'Easy Agile Programs' from your list under 'User-installed apps'

  3. To the right of the Easy Agile Programs listing, expand the 'Modules Enabled' dropdown

  4. Find 'EA Analytics' from the list of modules, and select 'Disable'

Where can I read Easy Agile’s Privacy Policy?

The Easy Agile Privacy Policy is available on our website at Privacy Policy.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.