Security information for Usage Statistics for Jira
Here you find information on how this app works with data.
How is the data collected?
The usage statics app will run whenever an issue is loaded and is basically a static HTML page.
The App itself is delivered by a web server which just provides the static HTML CSS and JavaScript.
The web server holds no session information.
What data is collected?
Every successful app load (the small usage statistic panel in the issue) will load the already stored data from your Jira.
We store the app data as Entity Properties.
This data is only stored in your Jira.
The data structure is a JSON and looks like this:
{"views": 0,{"views": 0, "year": year, "month": month, "day": day, "hour": hour, "views-y": 0, "views-yh": [0,0,0,0], "views-m": 0, "views-mh": [0,0,0,0,0,0,0,0,0,0,0], "views-d": 0, "views-dh": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], "views-h": 0, "views-hh": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] }
So we track the amount of page/issue views and increase a counter in the data structure.
There are basic counters for the year, day hour and so on.
And there are historical counter arrays which are needed to have a historical view on the counts (past month or years).
The important fact is that there is no user data stored.
How is this data protected - if collected and stored?
The data is stored as Jira entity property.
Jira entity properties are readable/writable by every logged-in user.
The data is loaded and stored via REST on your Jira system.
It is triggered in the browser of the current user.
Because the app is basically doing everything in the browser we highly recommend having a look at the delivered HTML, CSS, JavaScript of the app. The app is delivered in an iframe and easily discoverable using the browser development tools (F12). Our app resources are not minified or obfuscated which makes them readable.