Security and data privacy
When a team member submits their standup details, where is this data stored?
We store your team’s standup history in a secure database locked behind a firewall. Only select servers have access to this database and the outside world cannot access this database. The data is sent over SSL, and we have site-wide SSL.
How is the data protected?
The server and database are protected by a private key. There is no password access. Only the traffic between the database and our servers is allowed; no remote access is allowed to the database. We use AWS for hosting our servers and we have firewall protection in front of our servers.
Our servers are located in the US West region.
Is my data encrypted?
ScrumGenius DB instances are encrypted and use the industry-standard AES-256 encryption algorithm to encrypt your data. After your data is encrypted. Data in transit is also encrypted and secured by SSL. Data stored at rest on the disk, database snapshots, automated backups, database logs and read replicas are all encrypted.
A Key Management Service is used to manage the encryption keys used to encrypt your data. The master keys are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program.
What data is stored on ScrumGenius?
We sync with your chat platform and pull data from it about your team and its team members. For team data, the team name is stored. For team members, the data we store includes email and full name. This data is used for the benefit of the platform and for transaction emails such as summary reports and welcome emails.
What about communication with chat platforms?
ScrumGenius communicates with all integrated chat platforms through an HTTPS API. In the case of Microsoft Teams, we routinely swap out the token used for authentication for added security. In the case of Slack and Cisco Webex, we fetch a token unique to your tenancy and use that to communicate and send messages to your team. This token is secured within our application under the same terms as described in the section above. In the event you stop using ScrumGenius, your token will be removed.
Is the conversation history stored? Is the communication channel secure?
ScrumGenius does not store any more data than necessary. We only store the answers, followed by the questions that the bot asks during the report. We use SSL for transport between chat platforms and ScrumGenius. Chat platforms send data through a secure channel when a conversation happens with the ScrumGenius bot, and we collect only the answers from this payload and store this data in our database as a standup entry for that member. We need to store this data, as it is required for functionality such as email summaries and sending the summary to a channel in your chat platform.
How long is my standup data retained?
By default, the standup data is retained as long as your account is active with us.
However, if you wish to have control of your data and better align with your company's retention policy, a retention policy can be applied to a Team to remove standup answers based on your policy. Head to Team Settings to set your retention policy.
Based on your retention period, all associated answers will be automatically purged from the ScrumGenius database for the reports associated with this team. Note that once the data has been deleted, it cannot be restored.
Can you delete my data?
When a ScrumGenius account is created and integrated with Teams, we also create a team object within the ScrumGenius database. We associate your team members' data with this object, as well as any report entries. Due to the hierarchical nature of the data, we can delete any data from the account level downwards at your request. This process is done via email request.