What sort of data is collected, and what happens with that data?
MacroSuite stores the installation information that Atlassian is providing. This data is needed to identify a client but does not indicate or expose any user data. Additionally, we are tracking usage information of our product (e.g., which macro types are being used). However, we are not collecting any contextual information around our macros: we don’t know which images you are using in macros, the name of your Confluence pages, their authors/editors, or any content on them. At no point do we collect any personally identifiable information.
Where is the collected data being stored?
We are using the Google Cloud Platform to maintain our Connect applications. Data of all used services are located in regions or regions within the European Union (Belgium, Netherlands, Zurich, Frankfurt, Finland, or Warsaw). Therefore EU jurisdiction applies. For more information, see: https://cloud.google.com/compute/docs/regions-zones. Our Forge apps rely on Atlassian's data residency features. We do not store any sensitive customer information like this.
Which data security protocols in relation to data breaches are in place?
We do not collect any sensitive and/or personally identifiable information. All captured information is stored on highly secure Google servers located in Europe. In an unlikely event of a data breach, we will be informed by Google and pass this information on to our clients.
Is Macrosuite affected by the remote code execution (RCE) vulnerability of Log4j?
No, Caelor customers are not vulnerable, and no action is required. This vulnerability has been mitigated for all Caelor cloud products previously using vulnerable versions of Log4j.
Security is very important to Caelor. Therefore Caelor complies with the highest security standards. That's why MarcoSuite is Cloud Fortified Certified. This is Atlassian's highest standard for cloud apps. More Information about Cloud Fortified can be found here.