Security and data privacy

When a team member submits their standup details, where is this data stored?

We store your team’s standup history in a secure database locked behind a firewall. Only select servers have access to this database; it cannot be reached from the outside world. The data is sent over SSL, and we have site-wide SSL.

How is the data protected?

The server and database are protected by a private key. There is no password access. Only the traffic between the database and our servers is allowed; no remote access is allowed to the database. We use AWS for hosting our servers and we have firewall protection in front of our servers. 

Our servers are located in the US West region.

Is my data encrypted?

Scrumrobo DB instances are encrypted and use the industry-standard AES-256 encryption algorithm to encrypt your data. After your data is encrypted. Data in transit is also encrypted and secured by SSL. Data stored at rest on the disk, database snapshots, automated backups, database logs and read replicas are all encrypted. 

A Key Management Service is used to manage the encryption keys used to encrypt your data. The master keys are protected by hardware security modules (HSMs). The HSMs are validated by the FIPS 140-2 Cryptographic Module Validation Program.

What data is stored on Scrumrobo?

We sync with your chat platform and pull data from it about your team and its team members. For team data, the team name is stored. For team members, the data we store includes email and full name. This data is used for the benefit of the platform and for transaction emails such as summary reports and welcome emails.

What about communication with chat platforms?

Scrumrobo communicates with every integrated chat platform through an HTTPS API. In the case of Microsoft Teams, we routinely swap out the token used for authentication for added security. In the case of Slack and Cisco Webex, we fetch a token unique to your tenancy and use that to communicate and send messages to your team. This token is secured within our application under the same terms as the section above. In the event you stop using Scrumrobo, your token will be removed.

Is the conversation history stored? Is the communication channel secure?

Scrumrobo does not store any more data than necessary. We only store the answers, followed by the questions that the bot asks during the report. We use SSL for transport between chat platforms and Scrumrobo. Chat platforms send data through a secure channel when a conversation happens with the Scrumrobo bot, and we collect only the answers from this payload and store this data in our database as a standup entry for that member. We need to store this data, as it's required for features such as email summaries and sending the summary to a channel in your chat platform.

How long is my standup data retained?

By default, the standup data is retained as long as your account is active with us.

Can you delete my data?

When a Scrumrobo account is created and integrated with Teams, we also create a team object within the Scrumrobo database. We associate your team members' data with this object, as well as any report entries. Due to the hierarchical nature of the data, we can delete any data from the account level downwards at your request. This process is done via email request.

Any other questions? Contact us and we will be happy to help.