Data security and privacy policy
Terms and scope
This policy covers all self-hosted and cloud-based software products ("app"), interactions with the Midori support service, and all public websites ("website") maintained by Midori Global Consulting Kft. ("we"). "You" means the end-user of our products or the legal entity that is the licensee of our products, or the visitor of our public websites.
Under the terms of GDPR, Midori is a Data Processor. In this document, we list the services we contract to serve as subprocessors. It also describes how we treat your information and data when you use any of our products, contact our support service or visit our website. By using any of those, you are accepting the practices outlined in this policy.
Installing Midori apps or contacting our support service may involve the processing of your data. End-User Data processing is governed by the Midori Data Processing Agreement.
Data collected and shared with subprocessors
Midori apps
Our on-premise apps store all information in the corresponding Atlassian server product. All data is located in your IT system (server or data center) that hosts the Atlassian server product.
No information stored on the installation IT system is made available to us when you install the app. The app does not transmit data from your IT system or from the end-user's web browser to us or to any third party.
We use AWS as the hosting provider for our cloud apps. We use the EU-West-1 region, which means that your data is processed on servers in Ireland. No sensitive customer data is stored on AWS servers.
We store only the minimal information required for Atlassian Connect authentication. It includes the client key, instance URL and basic information on the app's installed status and date of installation.
All data that is processed by the app is completely kept within the boundaries of the Amazon AWS infrastructure. Therefore, all information exchange is protected by AWS itself:
- All data is securely stored in AWS DynamoDB.
- All logs are written to AWS CloudWatch logstreams.
Note that all these components respect the official Amazon security guidelines. End-users access the front-end web app in a secure way, using HTTPS. Therefore, all data exchange over the public internet is encrypted.
Midori website
Our websites use Google Analytics to collect statistics and to help us understand how visitors use the websites. Google Analytics uses cookies and other means to transfer some information to Google servers. Google relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement of personal data out of the European Economic Area. We use that information to improve our website usability.
Any data that is entered into any form on our websites is only used for the indicated purposes.
Also see: Google Analytics Terms of Service, Google Ads Controller-Controller Data Protection Terms
Midori customer support
When having problems or questions related to our apps, you may contact our Customer Support team. Depending on the issue we may request server log files, configuration files, database query results, or other types of diagnostic information, which you are free to give to us.
Those are only used to analyze and solve your individual issue. After the issue is resolved, those are permanently deleted from Midori's internal storage.
We use Zendesk to provide technical support for our customers. When you create a ticket in our support system, the information provided may be transferred and stored on Zendesk servers that are in the United States. Zendesk complies with the EU Binding Corporate Rules ("BCR") and incorporates the Standard Contractual Clauses (SCCs) when transferring data to their servers.
Also see: EU-US data transfers after Schrems II
Mailing lists
Contact data provided by the Atlassian Marketplace over the course of evaluating or purchasing our apps will be used to send relevant information to you via email. We do not have any access to customer data beyond this.
We use Mailchimp to maintain email lists and send out emails. It is, therefore, essential to transfer your contact information to Mailchimp's servers in the United States. Mailchimp commits to transferring and processing all users' European data in compliance with the Standard Contractual Clauses (SCCs).
If you decide you do not need further information, you may simply unsubscribe by clicking the link in the email's bottom part.
Also see: Mailchimp Privacy Policy, Mailchimp and European Data Transfers
Data privacy rights
Opting Out of Receiving Communications. You may opt out of receiving communications from us. Contact us at info@midori-global.com.
Correcting or Deleting Your Personal Information. We typically hold your email address and name for communications purposes stated above. If you believe any information, we are holding on you is incorrect or incomplete, please email us at info@midori-global.com. You may also request that we delete the information we hold about you.
Accessing your Personal Information. You may request to access the information we hold about you or the past support request correspondence with you. Contact us at info@midori-global.com.
Disclosure
The collected information may be disclosed only if we are required to do so by law, or if Midori is merged or sold to another company.
Amendments
We may update this policy from time to time by posting a new version on this website. This was last updated in March 2023.