2.2) Mindpro – Forge Apps: For our Forge apps (Insights, Lineup, Graphy, Dashio), Atlassian acts as the hosting provider. The Forge platform is designed so that the app runs entirely within Atlassian’s secure infrastructure.

• Data Hosting: Your product data never leaves your Atlassian cloud instance to be stored on our servers. Atlassian manages the execution of the app and all data processing and storage.
• Data Location: The residency of your data is determined by the region you have selected for your Jira or Confluence Cloud instance.
• Our Role: For Forge apps, we are the app developer, but we do not act as a Data Processor for your product data.
• Data Egress – All of our Forge apps (Insights, Lineup, Graphy, and Dashio) have earned the “Runs on Atlassian” badge. This trust badge, awarded by Atlassian, confirms means that our apps built on Forge meet strict, automatically verified requirements, including using only Atlassian-hosted compute and storage, supporting data residency, and ensuring customer data never leaves Atlassian’s trusted environment.

Data Management: Learn in more details how we handle the data accessed and stored by our Forge apps (Insights, Lineup, Graphy, and Dashio) using this following links: 

• Insights – Data Security & Privacy
• Lineup – Data Security & Privacy
• Graphy – Data Security & Privacy
• Dashio – Data Security & Privacy

We use cookies and similar tracking technologies (like web beacons and pixels) to operate and improve our websites and Services. A cookie is a small text file that a website stores on your computer or mobile device when you visit the site. You can control and manage your cookie preferences through the cookie consent banner on our website or by adjusting your browser settings. We use the following types of cookies:

• Essential Cookies: These cookies are strictly necessary to provide you with our websites and Services and to use some of their features, such as access to secure areas.

• Functional Cookies: These cookies are used to remember choices you make when you use our websites, such as your language preferences.

• Analytics and Performance Cookies: These cookies collect information about how you use our websites, such as which pages you visit most often. We use this information to improve how our websites work. We use Google Analytics for this purpose.

• Marketing Cookies: These cookies are used to make advertising messages more relevant to you.

We only share your information with a limited set of third-party service providers, known as subprocessors, who help us provide our Services. We have entered into contractual agreements with each of these sub processors that obligate them to protect your information, use it only for the services they are contracted to provide, and prohibit them from selling it. 

The following section lists our key subprocessors, the purpose for which we use them, and the location where they may process your data:

• Amazon (AWS) – Location (USA, Germany): We use Amazon (AWS) hosting and security for cloud app infrastructure related to our cloud products. – Security & Privacy

• Atlassian – Location (Australia, Ireland, USA): We use the Atlassian suite for customer service and support, and licensing tracking for apps purchased via Marketplace – Security & Privacy

• Google Workspace – Location (USA): We use Google (Workspace) as internal collaboration and productivity tool – Security & Privacy

• Slack – Location (USA): We use Slack as communication tool for internal collaboration and customer support – Security & Privacy

• Hubspot – Location (USA): We use Hubspot as CRM tool to track and manage our customer deals and evaluations – Security & Privacy

• Elementor – Location (Israel): We use Elementor to host and edit our website – Security & Privacy

• Google Analytics – Location (USA): We use Google Analytics to collect anonymous statistics on the website – Security & Privacy

• Calendly – Location (USA): We use Calendly as a service provider to schedule meetings & product demos – Security & Privacy

• RD Station – Location (Brazil): We use RD Station as e-mail marketing tool to share product and services communications – Security & Privacy

• To Comply with Legal Obligations: If we are required to do so by law, regulation, legal process, or a valid governmental request.

• To Protect Our Rights and Services: To enforce our agreements and policies, to protect the security or integrity of our Services, or to protect Mindpro, our customers, or the public from harm or illegal activities.

• In Case of a Business Transfer: If Mindpro is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in control or use of your personal information.

• With Your Consent: We may share your information with a third party for other purposes if we have your explicit consent to do so.

We take the security of your data very seriously and have implemented a comprehensive set of technical and organizational measures designed to protect it from unauthorized access, loss, misuse, or alteration. Our security program is based on industry best practices and includes the following controls:

• Encryption: We encrypt your data both in transit using Transport Layer Security (TLS) and at rest using military-grade AES-256 encryption.

• Secure Development: Our development process incorporates security at every stage. We conduct regular peer reviews of code and use automated tools like Snyk and Sonar to scan for vulnerabilities before deployment.

• Access Control: Access to your personal information is strictly limited to authorized personnel based on the principle of least privilege. We enforce strong authentication policies, including mandatory Multi-Factor Authentication (MFA), for all internal systems and source code repositories.

• Infrastructure Security: Our infrastructure is hosted in secure, world-class data centers provided by AWS. We employ firewalls, network isolation, and continuous monitoring to protect our systems.

• Vulnerability Management: We conduct regular vulnerability assessments and penetration tests on our applications and infrastructure to identify and remediate potential security weaknesses.

• Incident Response: We have a formal incident response plan in place to promptly address any security breaches. In the event of an incident, we will take immediate steps to contain the threat, investigate the cause, and notify affected users and relevant authorities as required by law.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are as follows:

• Account Information: We retain your account information for as long as your account is active with us. After your account is closed, we may retain some information for up to 5 years for administrative purposes and to comply with our legal obligations.

• Support Channel Information: Data related to support requests is retained for up to 5 years after the issue is closed to maintain a history of support interactions and for service improvement purposes.

• Product Data (Connect Apps): We retain product data processed by our Connect apps for as long as the app is installed and active in your Atlassian instance. When you uninstall the app, we will delete your data from our systems within 90-180 days.

• Product Data (Forge apps): Our Forge apps follow Atlassian’s internal Standard Data Retention and Disposal policy, and how your data is stored or deleted varies depending on the app’s current state (Active, License Expired, Uninstalled). For more details on the Atlassian Data Retention and Disposal policy, check the following links: Data Security & Privacy – Insights, Lineup, Graphy, Dashio

• Marketing Information: We retain information used for marketing purposes until you opt out of receiving such communications.
  
  

International Data Transfers

• Mindpro operates globally, which means your personal information may be transferred to, and processed in, countries other than the one in which you reside. These countries may have data protection laws that are different from the laws of your country. Specifically, our primary data hosting provider, AWS, is located in the United States, and some of our sub processors are located in the US, Brazil, and other countries.

• When we transfer personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to other countries, we do so in compliance with applicable law. We rely on appropriate legal safeguards to ensure your data is protected, which may include Adequacy Decisions by the European Commission, the EU-U.S. Data Privacy Framework, and/or the European Commission’s Standard Contractual Clauses (SCCs).
  
  

Security Measures 

We adopt all applicable technical, administrative, and organizational measures to protect the personal data entrusted to us against loss, abusive, inappropriate, unlawful, or unauthorized usage, adopting information security best practices, which we can be review in full details using the following link: Mindpro – Security Measures. 

YOUR RIGHTS AS DATA SUBJECT 

You have certain rights regarding the personal information we hold about you. We are committed to helping you exercise these rights easily, see below how they these rights apply for each scenario:

Rights for All Users – Regardless of your location, you can make a request to access, update, correct, or delete your personal information.

If you are in the European Economic Area (EEA), United Kingdom (UK), or Switzerland (GDPR) – If you are a resident of these regions, you have the following data protection rights under the GDPR:

• The Right to Access: You have the right to request copies of your personal information.

• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

• The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal information, under certain conditions.

• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.

• The Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions, particularly where we are relying on legitimate interests as our legal basis.

• The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

• The Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time.

• The Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

If you are a California Resident (CCPA/CPRA) – If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

• The Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell or share.

• The Right to Delete: You have the right to request the deletion of your personal information that we have collected from you, subject to certain exceptions.

• The Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.

• The Right to Opt-Out of Sale or Sharing: We do not “sell” your personal information in the traditional sense. However, under the CCPA’s broad definition, some data sharing for analytics or advertising may be considered a “sale” or “sharing.” You have the right to opt-out of this activity.

• The Right to Limit the Use and Disclosure of Sensitive Personal Information: You have the right to direct us to limit our use of your sensitive personal information to that which is necessary to perform the services expected.

• The Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

How to Make a Request

To exercise any of your data protection rights, please contact our security team at [email protected] or by opening a request through our Support Portal. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request to protect your information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, If we make a material change, we will provide you with a more prominent notice, such as by sending an email or displaying a notice on our website prior to the change becoming effective. We encourage you to review this policy periodically to stay informed.

HOW TO CONTACT US
If you have any questions regarding this Privacy Policy, please do not hesitate to contact us via our support portal or at [email protected]. For any other inquiries, please get in touch at [email protected].