A.
A.
We access no other data from your organization or it’s users other than what they contribute when interacting with the Jellyfish service. Jellyfish data includes:
A.
Like all modern software services we use analytic tools to measure usage and to improve our service. The tools and their usage are outlined in our privacy policies and terms of service linked below.
A.
All our systems are built using Heroku services, Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Heroku’s Security Policies: https://www.heroku.com/policy/security
Amazon AWS Security Policies: https://aws.amazon.com/security
In addition to the above, our service also uses third-party security services to protect and secure our websites, applications and APIs against denial-of-service attacks, customer data compromise, abusive bots, OWASP identified vulnerabilities and many others.
All data is stored in AWS, access to this data is restricted to engineers and accessed over SSL. Non-Engineering staff are unable to access any backend systems directly, only via ACL protected user interfaces.
All communication from/to our service and Slack’s APIs are secured over SSL.
We do not store or process any payment information ourselves, we use Chargebee, a PCI-DSS Level 1 Service Provider.
Chargebee Security & Certifications: https://www.chargebee.com/security/
A.
You will invalidate the access token we are granted at the time of install. Invalidated tokens will prevent us from being able to interact with your Slack workspace, to use the Jellyfish service again you will need to re-install our service.
We will delete all data we have for your organization by request only.
Email us [email protected] for deletion requests.
A.
We will remove any data a user wishes to have removed.
Email us [email protected] for deletion requests.
A.
Data export is an enterprise feature of our service, we can provide this if you are on an enterprise plan. If you are on a trial or free version of the service we will only accept deletion requests. Note: Data export will include anonymous questions and anonymous comments but it will not include user attribution. Anonymous features are anonymous. If this is of concern disallow anonymous questions and/or add moderation when hosting Jellyfish sessions. Refer to https://help.jellyfish.chat for more details.
A.
If we are victim to a data breach we will notify the affected organizations as soon as possible.
A.
We pen-test our app using an external service from time to time, we can share the latest results if needed, an NDA may be required depending on the circumstances. Email us [email protected] to request the report.
A.
To help reduce spoofing attacks we utilize secure DNS (DNSSEC)
A.
Our uptime is monitored by an external service and can be viewed here https://status.jellyfish.chat
A.
This document will be updated when our policies change. Any further questions please contact us anytime [email protected]