Security and safety

Agile Cards for Trello is built with safety and security in mind. Here are a few facts which will help you understand its architecture and that using Agile Cards should no impact on your security whatsoever.

Analytics

Agile Cards come with inbuilt analytics. The data collected by Agile Cards pertains only to the statistical usage of the add-on. The user ID is encoded using a one-way hash function and it's impossible to identify a particular user. Analytics helps the team at Spartez to optimize the solution and implement even better future versions.

What data are read and stored by Agile Cards?

Before enabling Agile Cards you will be asked to grant permission to read all your boards, including cards' content, and teams. Access to this data is required in order to provide the functionality of the Power-up. Agile Cards won't be able to create and update cards, lists, boards and teams, make comments for you, read your email address or see your Trello password.

Agile Cards stores only the data related to templates configuration, like fields selected for printing and font size.

How is data secured?

The code of Agile Cards Power-up is hosted on Google Firebase platform, it's downloaded and executed in user's Internet browser.

All the configuration data is stored inside Trello infrastructure, using Trello mechanism for storing custom Power-up data and never leaves it. The data is stored in context of your user account, board or organization, but it may be only accessed by you. Access to the data is secured by secret token provided by Trello during the Power-up authorization process.

We stick to the following security guidelines:

• All external incoming or outgoing connections (or connection that go via public network) are made using secure protocol (for example: https, ssh).
• Every connection, that is crossing network border(external or internal), is protected by at least one security measure (certificate, token, etc).
• No security measure can be used to cross multiple network borders. For example, if we protect connections to Cloud internal network using Certificate A, then it cannot be used to protect connections to Spartez internal network

Who gets access to Agile Cards?

If Agile Cards Power-up is enabled on a particular board, then every user that has access to this board is able to use it, assuming that he/she grants adequate permissions to the Power-up.

Subprocessors

Spartez may use the following Subprocessors in the Processing of Client Personal Data related to Agile Cards for Trello:

• Google Firebase - hosting of all resources (HTML, CSS and JavaScript files) required to deliver Power-up functionalities, storing custom templates data,
• Bugsnag - collecting crash and bug reports.

Service providers

• Amplitude - collecting anonymous analytics data,
• Atlassian Bitbucket - hosting of images used in the Power-up description.