Bravo Notes - Privacy & Security

Overview

Agile Extensions provides different extensions for the products Azure DevOps and Team Foundation Server. All extensions are hosted within the existing products.

For more information on security and privacy of Azure DevOps refer to https://azure.microsoft.com/en-us/support/legal

Permanent data storage

All permament data that is written by extensions is stored within the host products infrastructure. No data accessed through the extension (for example work item data or files form code repositories) is transferred and then permanently stored outside of the host products.

Using bravonotes.com backend services

Some features of Bravo Notes require the use of backend services at bravonotes.com hosted on Azure.

Features that require backend services are Export to PDF as well as Publish images to bravonotes.com. For those features to work the following data is sent via https to bravonotes.com:

  • HTML representation of release notes to be published or converted to a PDF
  • Azure DevOps account name the extension is used in (e.g. acmeinc.visualstudio.com)
  • App token to verify the request was made from within the Bravo Notes extension including the user id of the current user
  • Short lived access token to
    • verify the current user has access to the Azure DevOps account
    • download attachments to include them in rendered PDF documents
    • download attachments to to upload to bravonotes.com for anonymous access

Usage tracking

To improve the quality of our products we make use of Microsoft Application Insights. We capture metrics on how fast extensions load, if there are any errors occuring and what parts of our extensions users load and interact with.

For more information about Application Insights please refer to https://azure.microsoft.com/en-us/services/application-insights

Support / Helpdesk

E-Mails to support@agileextensions.com and messages sent through our In-App help widget are tracked in HelpScout.

Email- and In-App-Messaging

We use UserList to communicate with users via E-Mail and In-App messages.

Error tracking

To be able to allow for un-interrupted service and to be able to fix bugs as soon as possible we make use of SENTRY for tracking JavaScript errors.

Privacy

We understand the importance of ensuring the privacy of your personally identifiable information. As part of usage tracking we are currently tracking this data to gather insights:

  • User-ID
  • Email-Domain (e.g. @acmeinc.com)

Opting out of tracking

At the moment there is no easy way to opt out of usage and error tracking. We will provide options to opt out of usage and or error tracking shortly.

Blocking calls on our backend

At your request we will gladly add your Azure DevOps account to a block-me list on our backend so that any requests that might have been sent by unintentionally are not being accepted by our backend services.

Effective as of March 12, 2018.

For more information please contact us at support@agileextensions.com.