...
The following user data fields containing personally identifiable information are accessed by the eSign application. All data is encrypted in transit. The eSign servers do not permanently store any of the accessed User Data.
User Data Access | Usage |
Display Name | The user’s name is retrieved to populate the signee name in the completed signatures. |
E-mail Address | E-mail address is accessed to send transactional notification email (e.g. Signature Pin Reset) |
Locale and Time zone | Locale language and time zone are retrieved to stamp and format the local date/time for the electronic signatures. |
Atlassian Account ID | The internal Atlassian account ID is stored within the signature record. |
eSign User Data Storage
All of the data created by eSign (e.g. Signatures) that contains personally identifiable information is stored within the Atlassian Cloud infrastructure. The data is encrypted at rest as per the Atlassian GPDR document above. The eSign servers do not permanently store any of the created user Data.
User Data Storage | Usage |
Document Records | The Document Record contains document metadata, signatures, audit trail, locale information, etc. Document records are stored within the Atlassian Cloud. All data stored within the Atlassian cloud is encrypted at rest. |
Signatures | Completed review signatures and training signatures are stored within the Document Records. Signatures contain the atlassian user ID, user name, title, e-mail address of each Signee. Signatures are only stored within the customer’s private Atlassian cloud environment. |
eSign User Consent (for Cookies and Tracking)
...
As detailed above, private user data is accessed temporarily for data processing from the eSign servers, which are hosted on Heroku. See https://www.heroku.com/policy/security for more information on Heroku (by Salesforce) and the AWS security infrastructure and accreditation.only. The eSign eSign Processing Services are hosted by ISO 27001 and SOC 2 compliant partners. eSign processed signature data is stored permanently within each customer’s Atlassian instance (e.g. customername.atlassian.net) no privacy data is stored permanently on the eSign servers.
US Data Processing - Heroku: https://www.heroku.com/compliance
EU Data Processing - Render.com: https://render.com/trust
Atlassian Data Storage - See https://www.atlassian.com/trust/compliance and https://www.atlassian.com/trust/privacy/country/europe-and-gdpr for details on Atlassian’s support for GDPR compliant management of permanently stored private user data.
eSign User Data Deletion
As detailed above, Signature data created by eSign will contain user private data. The administrators of the Atlassian Cloud have access to remove Signatures from the Confluence repositories if requested.
...