Privacy Policy
This page contains an overview of data management and security aspects of the Upside service, including information on our GDPR compliance and our data retention policy.
This page contains an overview of data management and security aspects of the Upside service, including information on our GDPR compliance and our data retention policy.
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect data taking effect from May 2018.
Upside is committed to compliance. Key aspects are listed below.
Upside stores the following personal data for our users.
All customer data is deleted when a customer cancels their subscription. All data related to one dashboard is deleted when the customer removes the dashboard. Trial accounts are deleted two weeks after the trial ends. Data backups are created on a continual basis, these backups are stored for a maximum of 90 days.
Within an existing account a users data is removed when that user is deleted from the account.
The Upside service including all customer data is hosted in the Europe.
Upside uses the following 3rd party services. This list has been updated on February 20th 2021,
Here’s our Data Processing Addendum
If you have data related requests get in touch by emailing support@myupside.io.
The Upside service runs in a secure hosted environment on Heroku and Amazon Web Services. The Upside app runs on the customer’s device, which can be for example a laptop or a tablet.
Customers are authenticated with a username and password by the Upside app to prevent unauthorized access to the dashboards. Only passwords hashes are stored.
A token is generated by the service upon login. All further requests to the Upside service are authenticated with the token. The token is validated and before serving each request, and the account id contained in the token is used to authorize the request, so users can only access data from their own account.
There are four user roles 'owner', 'manager', 'member', and 'viewer'. The latter two are limited to only viewing the data. User roles can be managed at the User Management section of the Settings window.
Passwords must be at least 8 characters long and contain at least one number and one uppercase letter.
A significant component of the Upside dashboards functionality is to provide visual analytics based on the customers’ existing data from external data sources. To access this data customers must give Upside access to these systems by providing access credentials such as API keys. All such secure information is passed through an additional layer of encryption by the Upside platform and all data is stored in an encrypted at rest storage.
Access can and should be limited to specific data sets in the source systems. In the case of task management systems, such as Jira or Trello, this means giving access to only certain boards or projects for which only read-only privileges are needed. It is the responsibility of the customer to ensure that credentials provided to Upside have the appropriate restrictions configured within the data source's own preferences.
Upside stores only data that is necessary to provide the dashboard views. For task management systems this includes;
Sensitive data such as ticket descriptions, attachments, comments, and discussions are not stored. Naturally all the calculated metrics and analytics are stored.
All data is encrypted using TLS (SSL) while in transit. Credentials and access keys to external data sources are also encrypted before being store in storage using secure keys that are not shared between customers. In addition all Upside databases are fully encrypted at rest.
Here’s our Terms of Service