Privacy Policy
for SimplyBoard
Table of Contents
1. Introduction and Scope
This Privacy Policy describes how CityOfAgents ("Company," "we," "us," or "our") collects, uses, and discloses information in connection with the use of the SimplyBoard Jira Cloud application (the "App").
Role DisclosureFor the purposes of the GDPR and similar data protection laws, CityOfAgents generally acts as a Data Processor with respect to the "Customer Data" processed within the App. The organization that licenses the App (our "Customer") acts as the Data Controller.
2. Relationship to Atlassian
SimplyBoard is a third-party application provided through the Atlassian Marketplace. Your use of the App is also subject to the Atlassian Privacy Policy and your organization's agreement with Atlassian. We are independent of Atlassian and do not control Atlassian's data practices.
3. Information We Process
We process only the minimum data required to provide time-tracking and logging functionality.
3.1 Account Information
We process Atlassian Account IDs, Display Names, and Email Addresses (where permitted) to associate worklogs with the correct user.
3.2 Customer Content
We access Jira Issue keys, summaries, comments, and worklog entries. This data is processed to enable the "Quick Log" and "History" features.
3.3 Technical Data
We collect basic diagnostic metadata (App version, browser type, error logs) to maintain service stability.
3.4 AI Data Processing (If Applicable)
Content processed via AI agents is used for real-time inference only. We do not use Customer Data to train our machine learning models or those of our third-party AI providers.
4. How We Use Information
We use the information strictly to:
- Facilitate the logging of work and notes within your Jira instance.
- Provide personalized logging history and templates.
- Ensure the security and integrity of the App.
- Comply with legal obligations.
5. Data Storage and Subprocessors
We utilize high-security infrastructure to host data that cannot be stored directly within Jira.
| Subprocessor | Purpose | Region |
|---|---|---|
| Vercel / AWS | Primary Hosting | US-East-1 |
| Supabase / PostgreSQL | Database (Encrypted at rest via AES-256) | US-East-1 |
| Atlassian APIs | Secure Data Transmission | Global |
6. Data Retention and Deletion
Active Use
Data is retained as long as the App is installed and active.
Uninstallation
Stored Customer Data is marked for deletion and purged within 30 days.
Customer Requests
Controllers may request manual deletion of data by contacting privacy@cityofagents.ai.
7. Security Protections
We implement industry-standard technical and organizational measures, including:
Encryption
Data is encrypted in transit using TLS 1.2+ and at rest using enterprise-grade AES-256 encryption.
Isolation
Customer data is logically isolated in our database to prevent cross-tenant access and maintain data integrity.
Least Privilege
Access to production systems is strictly limited to authorized personnel only when required for support.
8. International Data Transfers
If you are located in the EEA or UK, please note that we transfer and process data in the United States. We utilize Standard Contractual Clauses (SCCs) as the legal mechanism for these transfers, ensuring a level of protection equivalent to that of the GDPR.
9. Your Rights
As the Data Controller, your organization is responsible for managing requests from individuals regarding their data (Access, Correction, Deletion). If we receive a request directly from an individual user, we will refer that request to the Customer (the Jira Administrator).
10. Limitation of Liability
We are not responsible for data loss or breaches caused by Atlassian, your network providers, or unauthorized access to your Jira administrator credentials.
11. Contact Information
Questions or Concerns?
For data protection inquiries or to request our Data Processing Addendum (DPA), please reach out to our team.
privacy@cityofagents.ai