Data Privacy Statement

2018-06-30 - today v2.5.0 - latest

The following gives a simple overview of what happens to your personal information when you use the Advanced Codeblocks for Confluence called "App". Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

This app is fully EU General Data Protection Regulation (GDPR) compliant and follows the principles of Privacy By Design and Privacy By Default.

Functional description of App

The app for Atlassian Confluence runs as an OSGi Bundle inside your own Confluence Server or Confluence Data Center Instance. Meaning the customer itself runs the host systems (self-hosted).

The app provides so called Macros that can be embedded into Confluence pages. The macros provide code-boxes to highlight code snippets.

Data Storage

Data is stored within the Confluence Instance by mechanisms provided by Confluence itself.

Classic Macro and Remote Macro

Both macros store the macro body directly in the Confluence Page. The macro-settings like 'expand first code block', 'remoteFilelUrl', optional auth-username and optional auth-password are stored by Confluence as well.

Direct Download Feature

Both macros provide a way to download the Code-Blocks specified as Macro Body via a Remote HTTP Endpoint. That feature is called 'Direct Download'. The content provided by Direct-Download-Servlets is is pre-rendered and stored via the ContentPropertyManager as part of the Confluence Page as invisible meta data.

Remote Macro

During a Confluence-Page-Render of a page containing the Remote Macro the following happens:

  • Firstly the CacheManager is asked if a cached version of the Macro-Object exists. If YES continue with 'Fourthly'.
    OTHERWISE continue with 'Secondly'.

  • Secondly the remote file is downloaded via a HTTP-Library into memory.

  • Thirdly the downloaded file is parsed into the ACBM Data-Structure and lastly stored via the CacheManager in the Cache.

  • Fourthly the Macro displays the cached Macro Data-Structure as HTML as part of the Confluence Page.

The cache key is calculated as a SHA1 hash of the macro-settings (url, username, password). No other data is stored in any way.

Network Connection

The app opens either HTTP-connections on TCP Port 80 or HTTPS-connections on TCP Port 443 to the remote File URL you specify. As described in 'Data Storage' the remote files are downloaded for temporary processing.

ACBM does not download any other Data than remote file URLs you specify. It also does not upload any data to third party Endpoints.

For the direct download feature servlets are provided which let the user download the codeblocks directly as raw content (plain text).

  • /plugins/servlet/advanced-codeblock-macro-downloadcode?pagepropertykey={KEY}&pageid={PAGEID}&macroid={MACROID}
  • /plugins/servlet/advanced-codeblock-macro-downloadlist?pageid={PAGEID}&macroid={MACROID}

Collection of Personal Information

No personal information is collected.

Security Measures

The plugin uses built in Atlassian Objects to enforce Authorization meaning it depends on the security configuration of your confluence. Whoever has the permissions to edit a Confluence Page can also edit the macro settings.

For the direct download feature the servlets are secured by internal Confluence authentication and authorization mechanisms so that basic auth is required. Only users with 'Confluence View Page' permission can download content via these servlets provided by macros on the same Confluence page.

It depends on the user-input if the remote files are loaded via HTTPS or plain HTTP. You are encouraged to only use HTTPS Connections.

The plugin is provided over a secure TLS (https) connection when installed via the Atlassian Marketplace.

The user of the app should enable TLS (https) for Confluence to secure Application against ethernet sniffing to avoid insecure authorization.

General and mandatory information

Data protection

The app vendor takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

Notice concerning the responsible party

The party responsible for processing data is:

cpobdqercplyobuh UHGT ((huanfstguhnagtsfboersfcphureäänakxtg))
represented by: BOerrenahuanredq GTreüünaerwjanlydqtg
ANlytgdqobrefserre SFtgreanßßer 22 -- 9911220077 LYanuhfs anna dqerre PCergtnaivtgzm,, GTerremzannayl
Phone: ++4499 99112233 88331122994411
Mail: vasb@pbqrpybh.vb

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Data collection

What type of personal data is collected when using the app?

Codeclou does not collect, process or store any personal data. Personal information is any data with which you could be personally identified (e.g. E-Mail-address, Name ...).

Data collection during app usage

No personal data is collected, processed or stored.