Data and security

This page contains an overview of data management and security aspects of the Screenful service, including information on our GDPR compliance and our data retention policy.

GDPR

The EU General Data Protection Regulation (GDPR) sets a standard for how companies use and protect data taking effect in May 2018.

Screenful is committed to compliance. Key aspects are listed below.

A list of Personal data items

Screenful stores the following personal data for our users.

  • Full name

  • Email

  • First signed up

  • Last seen

  • Last Login

  • User role (admin, member, observer, account contact)

  • For paying customers: Which plan they are subscribed to

  • Company name, address, VAT number

  • Task management tool that the user uses

  • City and country (calculated by user’s IP address location)

  • Activity log: Events that indicate actions taken by the user, for example inviting new users, creating new data sources, or subscribing to automatic reports

Data Persistence and Removal

All customer data is deleted when a customer cancels their subscription. All data related to one data source is deleted when the customer removes the data source. Trial accounts are deleted two weeks after the trial ends. An offline backup of the data is carried out every day. These backups are stored for a maximum of 30 days.

Within an existing account, a user’s data is removed when that user is deleted from the account.

Location of Data

The Screenful service including all customer data is hosted in the EU.

Security

The Screenful service runs in a secure hosted environment on Heroku and Amazon Web Services. The Screenful app runs on the customer’s device, which can be for example a laptop or a tablet.

Authentication and Authorization

Customers are authenticated with a username and password by the Screenful app to prevent unauthorized access to their data. Only password hashes are stored.

A token is generated by the service upon login. All further requests to the Screenful service are authenticated with the token. The token is validated before serving each request, and the account id contained in the token is used to authorize the request, so users can only access data from their own account.

There are three user roles ‘admin’, 'member', and 'observer'. The last one is limited to only viewing the data. User roles can be managed in the User Management section of the Settings window.

Password policy

Passwords must be at least 8 characters long and contain at least one number and one uppercase letter.

Access to External Data Sources

Screenful provides visual analytics based on customers’ existing data in external data sources. Thus customers must give access to these systems. The credentials and access keys to the data sources are encrypted in storage.

Access can and should be limited to specific data sets in the source systems. In the case of task management systems, such as Jira or Trello, this means giving access to only certain boards or projects. Only read-only privileges are needed.

Stored Data Items

Screenful stores only data that is necessary to provide the chart and report views. For task management systems this includes

  • Project and/or board name and id, board type, board columns/lists

  • Task name, id, status, type, history, assignee avatar and name, and other properties such as label, version, component, work estimates

  • Workflow states (e.g. Open, In progress, Done)

  • Sprint or iteration name, id, status, goal, and duration

  • Custom field names

  • Custom field contents (unless they disabled in the custom fields mapping)

For example attachments, task descriptions, and comments are not stored. Naturally, all the calculated metrics and analytics are stored.

Data Encryption

All data is encrypted using TLS (SSL) while in transit. Credentials and access keys to external data sources are also encrypted when in storage.

Service status

Our status and incident communication site is located at http://status.screenful.com.

Contacts

For data and security related inquiries please contact support@screenful.com