2020-04-03 - today v3.3.0 - latest
This app is fully EU General Data Protection Regulation (GDPR) compliant and follows the principles of Privacy By Design and Privacy By Default.
Functional description of App
The app for Atlassian Confluence runs as an OSGi Bundle inside your own Confluence Server or Confluence Data Center Instance. Meaning the customer itself runs the host systems (self-hosted).
The app provides so called Macros that can be embedded into Confluence pages. The macros provide code-boxes to highlight code snippets.
Data is stored within the Confluence Instance by mechanisms provided by Confluence itself.
Multi Macro, Single Macro and Multi Remote Macro
All macros store the macro body directly in the Confluence Page. The macro-settings like 'globaltitle', 'expand first code block', 'remoteFilelUrl', optional auth-username and optional auth-password are stored by Confluence as well.
Direct Download Feature
All macros provide a way to download the Code-Blocks specified as Macro Body via a Remote HTTP Endpoint. That feature is called 'Direct Download'. The content provided by Direct-Download-Servlets is directly fetched from the latest version of the confluence page.
Multi Remote Macro
During a Confluence-Page-Render of a page containing the Multi Remote Macro the following happens:
CacheManageris asked if a cached version of the Macro-Object exists. If YES continue with 'Fourthly'.
OTHERWISE continue with 'Secondly'.
Secondly the remote file is downloaded via a HTTP-Library into memory.
Thirdly the downloaded file is parsed into the ACBM Data-Structure and lastly stored via the
CacheManagerin the Cache.
Fourthly the Macro displays the cached Macro Data-Structure as HTML as part of the Confluence Page.
The cache key is calculated as a SHA1 hash of the macro-settings (url, username, password). No other data is stored in any way.
The app opens either HTTP-connections on TCP Port 80 or HTTPS-connections on TCP Port 443 to the remote File URL you specify. As described in 'Data Storage' the remote files are downloaded for temporary processing.
ACBM does not download any other Data than remote file URLs you specify. It also does not upload any data to third party Endpoints.
For the direct download feature servlets are provided which let the user download the codeblocks directly as raw content (plain text).
You can limit the allowed sites people can download files from, by Configuring the Confluence Allowlist. The app obeys the rules specified in the Allowlist (only applies if Allowlist is activated).
Collection of Personal Information
No personal information is collected.
The plugin uses built in Atlassian Objects to enforce Authorization meaning it depends on the security configuration of your confluence. Whoever has the permissions to edit a Confluence Page can also edit the macro settings.
For the direct download feature the servlets are secured by internal Confluence authentication and authorization mechanisms so that basic auth is required. Only users with 'Confluence View Page' permission can download content via these servlets provided by macros on the same Confluence page.
It depends on the user-input if the remote files are loaded via HTTPS or plain HTTP. You are encouraged to only use HTTPS Connections.
The plugin is provided over a secure TLS (https) connection when installed via the Atlassian Marketplace.
The user of the app should enable TLS (https) for Confluence to secure Application against ethernet sniffing to avoid insecure authorization.
General and mandatory information
Notice concerning the responsible party
The party responsible for processing data is:
cpobdqercplyobuh UHGT ((huanfstguhnagtsfboersfcphureäänakxtg))
represented by: BOerrenahuanredq GTreüünaerwjanlydqtg
ANlytgdqobrefserre SFtgreanßßer 22 -- 9911220077 LYanuhfs anna dqerre PCergtnaivtgzm,, GTerremzannayl
Phone: ++4499 99112233 88331122994411
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
What type of personal data is collected when using the app?
Codeclou does not collect, process or store any personal data. Personal information is any data with which you could be personally identified (e.g. E-Mail-address, Name ...).
Data collection during app usage
No personal data is collected, processed or stored.