Security and data privacy
When a team member sends their stand up details where is this data stored?
We store your data in a secure database that is locked behind a firewall. Only select servers have access to this database and the outside world cannot access this database. The data is sent over SSL. We also have site-wide SSL.
How is the data protected?
The server and database are protected by a private key. There is no password access. The traffic between the database and our servers is only allowed. No remote access is allowed to the database. We use AWS for hosting our servers and we have firewall protection in front of our servers. https://aws.amazon.com/security/
What data is stored on ScrumGenius?
We sync with your chat platform and pull data about your team and its team members. For team data, the team name is stored. For team members, the data we store include, email and full name. This data is used for the benefit of the platform and for transaction emails such as summary reports and welcome emails.
Communication with chat platforms
All chat platforms that are integrated with ScrumGenius are communicated through an HTTPS API. In the case of Microsoft Teams, we routinely swap out the token used for authentication for added security. In the case of Slack and Microsoft teams, we fetch a token unique to your tenancy and use that to communicate and send messages to your team. This token is secure within our application under the same terms as the section above. In the event you stop using ScrumGenius, your token will be removed.
Is the conversation history stored? Is the communication channel secure?
ScrumGenius does not store more data than necessary. We only store the answers, followed by the questions that the bot asks during the report. We use SSL between transports between Microsoft Teams and ScrumGenius. Microsoft Teams sends data through a secure channel when a conversation happens with the ScrumGenius bot. We collect only the answers from this payload and store this data in our database as a standup entry for that member. We need to store this data, as it's required for functionalities such as email summaries and sending the summary to a channel in your chat platform.
Can you delete my data?
When a ScrumGenius account is created and integrated with Teams, we create a team object within the database in ScrumGenius too. We associate your team members data, as well as any report entries. Due to the hierarchical nature of the data, we can delete any data from the account level downwards at your request. This process is done via email request.