Legal

EULA
DPA
SLA
Privacy Policy

End User License Agreement (EULA)Crimsalytics LLC Cloud Apps for Atlassian Products

Last Updated: January 15, 2025

This End User License Agreement (“Agreement”) is a legal agreement between you (“End User”) and Crimsalytics LLC (“Crimsalytics”), a provider of Cloud Apps for Atlassian products. By installing, accessing, or using any Cloud App or service provided by Crimsalytics via the Atlassian Marketplace, you agree to be bound by the terms and conditions of this Agreement.

1. Scope
This Agreement applies to all Cloud Apps or services related to Crimsalytics’ Cloud Apps, including those made available through Atlassian’s Marketplace. The terms of this Agreement become effective when you install the software on your Atlassian instance.

2. License and Payment Terms

  • The license for the Cloud Apps is available on a monthly or annual subscription basis, as selected during the purchase process via Atlassian’s Marketplace.
  • Payments for the license must be made through Atlassian’s Marketplace and are subject to Atlassian’s payment terms.
  • End User has thirty (30) days from the date of purchase to cancel the order and return the Cloud App. If the End User cancels their order within this time-period, Atlassian Marketplace will issue a refund.  End Users must cease to use the app and delete any copies in the End User’s possession.  No refunds are offered after thirty (30) days under this Agreement.
  • If offered, the End User may utilize trial periods to try the app through the period specified when signing up for the trial.

3. Beta Products
Products listed as “Beta” are under testing and may still contain bugs, critical issues, or other imperfections. By using Beta products, you acknowledge and accept the risks associated with their use.

4. Third-Party Software
The Cloud Apps may include third-party software can be found in Appendix A.

5. Support
Crimsalytics will provide support for the Cloud Apps as follows:

  • Critical issues: Support will be provided within 24 hours of the request.
  • Non-critical issues: Support will be provided within 5 business days.
    Support requests must be submitted via email to support@crimsalytics.com.

6. Data Handling
All data handled by the Cloud Apps is stored on Atlassian’s platform using Atlassian Forge. Deleting the app will automatically delete all stored data. Crimsalytics does not have access to your data, except for server log files that may include Atlassian User Account IDs, which are used solely to facilitate support for End Users.

7. Limitations

The software is built on Atlassian’s Forge platform (see https://developer.atlassian.com/platform/forge/).  There are inherent benefits to leveraging this platform with respect to data security, privacy and ensuring the customer data remains within the customer’s Jira instance.  There are some potential drawbacks as Atlassian’s Forge platform has quotas and limits. Crimsalytics has made commercially reasonable efforts to minimize the utilization of Atlassian Forge resources to ensure customers can maximize the use of the software without interruption.  At the same time, Crimsalytics shall not be held liable if the use the usage of the Cloud Apps exceeds the end-user’s platform quotas, which can result in the termination of service until quotas are reset per https://developer.atlassian.com/platform/forge/platform-quotas-and-limits/.

8. Termination
This Agreement may be terminated for cause by either party. Upon termination, all rights granted to you under this Agreement will immediately cease, and you must cease all use of the Cloud Apps. Termination will not relieve you of any payment obligations incurred before termination.

9. Confidentiality
Both parties agree to maintain the confidentiality of any confidential information disclosed during the term of this Agreement. Confidential information does not include information that is publicly available or becomes known through no fault of the receiving party.

10. Copyright and Intellectual Property
The Cloud Apps and all associated intellectual property are the exclusive property of Crimsalytics or its licensors. End Users are not granted any ownership rights, and you may not reverse engineer, decompile, or otherwise attempt to extract the source code of the Cloud Apps.

11. No Warranties
The Cloud Apps are provided “as is” and “as available” without any warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

12. Assignment
You may assign this Agreement to a third party as part of a merger, acquisition, or other corporate transaction without requiring Crimsalytics’ prior consent.

12. Revisions to this Agreement
Crimsalytics reserves the right to modify this Agreement at any time. Revisions will be effective upon publication on the Crimsalytics website. Your continued use of the Cloud Apps following the publication of any revisions constitutes your acceptance of the modified terms.

13. Viruses and Security

Crimsalytics takes reasonable precautions to ensure that its Cloud Apps are free of viruses, malware, or other harmful components. However, Crimsalytics does not warrant or guarantee that the Cloud Apps will be completely secure or free from these elements. It is your responsibility to implement appropriate safeguards to protect your systems when using the Cloud Apps. Crimsalytics will not be liable for any damage caused by viruses or other security breaches arising from your use of the Cloud Apps.

14. Limitation of Liability

To the maximum extent permitted by applicable law, Crimsalytics’ total liability for any claims arising out of or in connection with the use of the Cloud Apps, whether in contract, tort (including negligence), or otherwise, shall be limited to the amount actually paid by the End User for the software during the 12-month period preceding the claim. In no event shall Crimsalytics be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or use, whether incurred directly or indirectly, or any loss of business opportunity, however caused and under any theory of liability, even if Crimsalytics has been advised of the possibility of such damages. This limitation of liability shall apply regardless of the nature of the claim or the theory of liability asserted.

15. Force Majeure
Neither party shall be liable for any failure or delay in performance under this Agreement due to causes beyond its reasonable control, including but not limited to acts of God, fire, flood, earthquake, war, terrorism, strike, labor dispute, embargo, government regulation, pandemics, telecommunications failures, power failures, network interruptions, or any other event or circumstance beyond the reasonable control of the affected party (a “Force Majeure Event”). In the event of a Force Majeure Event, the affected party shall be excused from performance for as long as such event continues and the affected party uses commercially reasonable efforts to resume performance as soon as reasonably possible. If a Force Majeure Event lasts for more than 30 days, either party may terminate this Agreement upon written notice to the other party.

To ensure self-consistency between the Governing Law and Dispute Resolution clauses, you’ll want to harmonize the jurisdiction and venue references, as well as clarify that mediation and arbitration are the exclusive methods for resolving disputes. Since you no longer intend to pursue litigation after mediation, the section about court jurisdiction should be aligned with the mediation and arbitration process.

Here’s a revised version that maintains consistency across the two clauses:

16. Governing Law and Dispute Resolution
This Agreement shall be governed by, and construed in accordance with, the laws of the State of California, without regard to its conflict of law principles. Any disputes arising out of or relating to this Agreement shall be resolved through mediation and, if necessary, binding arbitration in accordance with the provisions of Section 18 below. The parties agree that mediation will be conducted in California, and if the dispute is not resolved through mediation, binding arbitration will be the exclusive method for resolving the dispute.

17. Dispute Resolution and Mediation
In the event of any dispute, controversy, or claim arising out of or relating to this Agreement, the parties agree to first attempt to resolve the dispute through informal negotiations. If the dispute cannot be resolved informally within 30 days from the date the dispute arises, the parties agree to submit the dispute to mediation before seeking any other form of legal recourse.

The mediation shall be conducted in accordance with the rules of the American Arbitration Association (AAA) or another mutually agreed-upon mediator. The mediation will take place virtually or at a mutually agreed-upon location in California. The parties agree to limit the mediation to one day or a maximum of three mediation sessions, whichever is shorter.

The parties will select a mediator with experience in the relevant field of dispute, and the costs of mediation shall be shared equally by the parties. If the mediation does not result in a settlement, the dispute shall be resolved through binding arbitration under the rules of the AAA or another mutually agreed-upon arbitrator. The arbitration shall be final, and the parties agree to accept the arbitration decision as the sole and exclusive resolution to the dispute.

In no event will the parties pursue legal action or litigation in any court following the failure of mediation, except for the purpose of enforcing the results of the arbitration.

18. Entire Agreement
This Agreement constitutes the entire understanding between the parties with respect to the subject matter and supersedes all prior discussions, agreements, or understandings of any kind.

By installing or using the Cloud Apps, you acknowledge that you have read, understood, and agree to be bound by the terms and conditions of this Agreement.

Appendix A

Third Party Software Licenses

The following third party software is used in Crimsalytics products.

Chart.js

The MIT License (MIT)

Copyright (c) 2014-2024 Chart.js Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Data Processing Addendum

Crimsalytics LLC Cloud Apps for Atlassian Products

Last Updated: January 15, 2025

This Data Processing Addendum (“DPA”) forms part of the End User License Agreement (“EULA”) between Crimsalytics LLC (“Crimsalytics”) and you, the End User, and governs the processing of personal data in connection with your use of Crimsalytics’ Cloud Apps through Atlassian’s Marketplace. This DPA is incorporated by reference into the EULA and is applicable when Crimsalytics processes personal data on behalf of the End User as a data processor.

  1. Definitions
  • “Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws.
  • “Data Controller” means the End User, who determines the purposes and means of processing Personal Data.
  • “Data Processor” means Crimsalytics, which processes Personal Data on behalf of the Data Controller.
  • “Data Subject” means the individual to whom the Personal Data relates.
  • “Applicable Data Protection Laws” refers to all laws and regulations relating to data protection and privacy, including but not limited to the General Data Protection Regulation (GDPR).
  1. Scope and Role
    This DPA applies to the Personal Data processed by Crimsalytics in connection with the End User’s use of Crimsalytics’ Cloud Apps. The End User acts as the Data Controller, and Crimsalytics acts as the Data Processor with respect to such Personal Data.
  2. Data Processing
    Crimsalytics agrees to process Personal Data only in accordance with the following provisions:
  • Purpose: Personal Data will be processed solely for the purpose of providing the Cloud Apps and related services, including support services, as outlined in the EULA.
  • Instructions: Crimsalytics will process Personal Data only in accordance with the End User’s written instructions, unless otherwise required by law.
  • Types of Data: Personal Data may include Atlassian User Account IDs and other user data stored within the Atlassian environment strictly using the Atlassian Forge platform, which is necessary for the operation of the Cloud Apps.
  • Duration: Personal Data will be processed for the duration of the End User’s use of the Cloud Apps, and until the deletion of the app or termination of the EULA.
  1. Data Security
    Crimsalytics implements appropriate technical and organizational measures to protect Personal Data from unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures are designed to ensure the confidentiality, integrity, and availability of Personal Data, and include:
  • Strict use of the Atlassian Forge platform for the implementation of all data processing capabilities.
  • Only use of anonymized Atlassian Account IDs
  1. Data Subject Rights
    Crimsalytics will assist the End User, as reasonably necessary, in fulfilling any requests by Data Subjects to exercise their rights under Applicable Data Protection Laws, including rights of access, rectification, erasure, restriction, portability, and objection.
    End Users are responsible for responding to such Data Subject requests. Should Crimsalytics receive any requests directly from Data Subjects, it will notify the End User without undue delay.
  2. Sub-processors
    Crimsalytics may engage sub-processors to process Personal Data on its behalf. Crimsalytics will ensure that such sub-processors are bound by data protection obligations similar to those in this DPA.
    At present, Crimsalytics does not use any sub-processors.
  3. Data Breach Notification
    Crimsalytics will notify the End User without undue delay upon becoming aware of any unauthorized access, use, disclosure, or breach of Personal Data (a “Data Breach”). Crimsalytics will provide all reasonable assistance to the End User in investigating and mitigating the Data Breach and complying with applicable data breach notification obligations.
  4. Data Deletion
    Upon termination of the EULA or at the End User’s request, Crimsalytics will delete or anonymize all Personal Data processed on behalf of the End User, except to the extent required by law. Deleting the Cloud App from the Atlassian instance will automatically delete all associated data.
  5. Audit Rights
    Crimsalytics will maintain appropriate records of its data processing activities and make such records available to the End User or its designated auditors to demonstrate compliance with this DPA. Any such audit must be limited to once per year and conducted during regular business hours with reasonable notice.
  6. Cross-Border Transfers
    Personal Data processed under this DPA will be solely stored and processed within the Atlassian environment.  Therefore, there will not be any transfers outside the European Economic Area (EEA). 
  7. Limitation of Liability
    Crimsalytics’ liability under this DPA is subject to the limitations set out in the EULA. Crimsalytics will not be liable for any damages, losses, or claims arising out of the End User’s failure to comply with Applicable Data Protection Laws.
  8. Confidentiality
    Crimsalytics will ensure that its personnel, agents, or sub-processors who have access to Personal Data are bound by appropriate confidentiality obligations.
  9. Amendments
    Crimsalytics reserves the right to modify this DPA. Any modifications will be published on the Crimsalytics website, and continued use of the Cloud Apps after such publication constitutes acceptance of the updated DPA.
  10. Entire Agreement
    This DPA, together with the EULA, constitutes the entire agreement between the parties with respect to data processing and supersedes all prior agreements or understandings related to data processing.

By using Crimsalytics’ Cloud Apps, you acknowledge that you have read, understood, and agree to this DPA and Crimsalytics’ processing of Personal Data as described herein.

DPA Appendix Red Line Burndown

Data Processing Description

Nature and Purpose of Processing:
The data is processed to provide burndown chart analytics and project management insights within the Jira environment. This includes calculating project progress, resource utilization, and predictive analytics for project completion.
Types of Personal Data:
  • Jira user identifiers (e.g. anonymized user IDs)
  • Issue metadata (e.g., issue keys, status changes, story points, time estimates)
  • Timestamps of user actions related to issue updates
Categories of Data Subjects:
  • Jira users (including project managers, team members, and other stakeholders)
Processing Operations:
   a. Data Collection:
  • Retrieval of issue data and associated metadata from Jira
  • Collection of user interaction data related to issue updates
  b. Data Analysis:
  • Calculation of burndown metrics
  • Analysis of project progress and resource utilization
  • Generation of predictive analytics for project completion
   c. Data Storage:
  • Temporary storage of processed data for performance optimization solely in Atlassian Forge
  • Caching of calculated results for improved response times
  • All data is deleted when the application is uninstalled from an end-user’s Atlassian Jira instance.
   d. Data Presentation:
  • Display of burndown charts and analytics in the Jira dashboard
Duration of Processing:
Data is processed for the duration of the user’s interaction with the burndown chart gadget and for a short period thereafter to facilitate caching and performance optimization solely within Atlassian Forge
Data Security Measures:
  • Encryption of data in transit and at rest
  • Access controls to limit data access to authorized personnel only
  • Compliance with Atlassian’s security requirements for Forge apps
Data Minimization:
Only necessary data for the functioning of the burndown chart and related analytics is collected and processed. Personal data is anonymized where possible for analytical purposes.
Data Subject Rights:
Procedures are in place to facilitate data subject rights as per GDPR, including the right to access, rectification, erasure, and data portability, in coordination with the Jira instance administrator.

SLA

Crimsalytics will provide support for the Cloud Apps as follows:

  • Critical issues: Support will be provided within 24 hours of the request.
  • Non-critical issues: Support will be provided within 5 business days.
  • Support requests must be submitted via email to support@crimsalytics.com.

Privacy Policy

Crimsalytics LLC Privacy Policy

Last Updated: January 15, 2025

At Crimsalytics LLC, we are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with us through our website and email communications. By using our services, you agree to the terms described in this policy.

1. Information We Collect

We collect personal information when you interact with us, such as when you:

  • Communicate with us via email.
  • Visit our website.

The types of personal information we may collect include:

  • Name: Used to identify you in our communications.
  • Email Address: Used to communicate with you, provide support, send updates, and notify you of any changes to our services.
  • Business Details: Such as company name, when relevant to providing services or support.

We may also collect non-personal information through cookies and similar technologies, such as your IP address, browser type, and how you navigate our website.

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve our software services.
  • Respond to your inquiries and support requests.
  • Send newsletters, updates, and promotional material (you may opt-out of marketing communications at any time).
  • Comply with legal obligations and protect our business interests.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. How We Protect Your Information

We take reasonable measures to protect your personal information from unauthorized access, loss, misuse, or alteration. These measures include using secure servers, encrypted email communications, and restricting access to personal information to authorized personnel only.

However, please note that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

4. Sharing Your Information

We may share your personal information with trusted third-party service providers, such as:

  • Email Service Providers: To send emails and newsletters.
  • Analytics Tools: To monitor and analyze the use of our website.

These third parties are obligated to protect your information and only use it to provide the services we’ve requested.

5. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correct: Request that we correct any inaccuracies in your personal information.
  • Delete: Request the deletion of your personal data (subject to legal obligations).
  • Opt-Out: Unsubscribe from marketing emails by using the “unsubscribe” link provided in our communications.

To exercise these rights, please contact us at privacy@crimsalytics.com.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via email or by posting an updated version on our website. Your continued use of our services after any updates constitutes acceptance of the new terms.

8. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

  • Email: privacy@crimsalytics.com