FAQ: Data Processing and Storage
In order for Sensitive Data Detection to work correctly, we need to process and store some data in our secure databases for the duration that you use the Compliance for Confluence Cloud application.
What information do we need to process to be able to provide the service?
We will need identifiers such as page, space, and user IDs for setting the scope and permissions for the service. We also use these identifiers to authenticate the app and users.
Additionally, we also process the content on your Confluence pages in order to detect sensitive data.
What information do we need to store to be able to provide the service?
For the service to function efficiently and properly, we will store settings and detection results in our databases. In other words, we will store identifiers and content on the Confluence pages that is detected as sensitive data in our databases.
Important: Information classified as highly sensitive (e.g. credit card numbers) will not be stored in our database. For example, only the last four digits of a credit card number will be stored.
Who do we share your information with?
We use third parties, such as the AWS Lambda Service, to help us to process your data. However, they will not retain, use or disclose your personal information for any purpose.
Where do we process your information?
This depends on where you are located. In the UK, your data will be held in Ireland (EU) within an Amazon Web Services (AWS) Data Centre (aws-eu-west-1).
What is classed as highly sensitive data?
At present, we class the following data types as highly sensitive in Compliance for Confluence:
As additional sensitive data detection types are added to Compliance for Confluence in the future, this list will be updated.
Where do we store your information?
We use an encrypted database with data encrypted in transit (using HTTPS) and at rest. Firewalls are in operation between our infrastructure and other services or the internet.
How long do we keep your information?
Any required data will be stored for as long as the subscription is active. Once a subscription becomes inactive (i.e. the subscription has ceased), the data will be retained for up to 3 years to enable you to re-subscribe at any time during this period, and retain your data.
If required, you can request your data is removed at any time by contacting our Customer Support team.
How can I exercise my rights over my information?
Certain jurisdictions offer users specific rights with respect to their information, so you may have a right to access or receive a copy of your data, or to delete your data or restrict or object to our processing of your data.
If required, you can contact our Customer Support team to exercise your rights.
Need support? We’re here to help 🧡
If you have any questions about Compliance for Confluence or need assistance at any stage, please contact our Customer Support Team who will be happy to help.