GDPR and Data Security

Last Updated: May 23, 2018

CONTENTS

Pivotal Tracker and GDPR compliance

Our commitment to you and the protection of your data
What is Pivotal, the company behind Pivotal Tracker
Preparing for the GDPR
Changes to Pivotal’s Privacy Policy
What specific information does Pivotal Tracker collect about you and how is it used?
International data transfers
What third parties do we share information with?
Data portability solutions and data management tools
Go-forward efforts

Pivotal Tracker and data security and reliability

Does Pivotal process personal data of its customers?
Where is Tracker hosted, and where is my data located?
Is any customer data stored outside of the United States?
How is access to project data managed?
Apart from project owners and members, who else can access my project data?
What controls are in place to protect Pivotal Tracker servers and data?
Is data encrypted at rest?
How is customer data backed up?
Does Pivotal Tracker have a disaster recovery plan?
How reliable is Pivotal Tracker, and how can I monitor system status?
How do you respond to known security vulnerabilities?
How is Pivotal Tracker tested for potential security vulnerabilities?
What development process does the Pivotal Tracker team follow?
Is Pivotal Tracker certified to any documented standards (e.g., ISO 27001, SSAE16 SOC-1, SOC-2, GSA, PCI, or HIPAA)?
How can I get more information?

PIVOTAL TRACKER AND GDPR COMPLIANCE

OUR COMMITMENT TO YOU AND THE PROTECTION OF YOUR DATA

Pivotal is committed to the security and privacy of our customers. The General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018, and will impact any company processing the data of EU citizens or residents, even if the company is not EU-based. The GDPR sets forth how companies should handle privacy issues, securely store data, and respond to security breaches. The GDPR places obligations both on service providers (the controller) and on third parties subcontracted by service providers (subprocessors).

Ultimately, the law makes it easier for customers to understand how we use and protect their personal information.

As a result, Pivotal has been working diligently to ensure that Pivotal Tracker is in compliance with the GDPR when it comes into effect, without sacrificing the performance and quality that our customers have come to expect from Pivotal Tracker.

On this page, we’ll explain our methods and plans to achieve GDPR compliance both for Pivotal Tracker users and ourselves.

WHAT IS PIVOTAL, THE COMPANY BEHIND PIVOTAL TRACKER

Pivotal Tracker is part of Pivotal, a fast-growing cloud software company, backed by Dell, Ford, General Electric, Microsoft, and VMware. Founded in 2013, Pivotal combines a leading cloud-native platform, tools, and methodology to empower the world’s largest organizations to adapt to change and build great software.

More can be found on the Pivotal website.

PREPARING FOR THE GDPR

The GDPR contains significant obligations for companies that may have access to the personal data of EU citizens and residents. We appreciate that Pivotal Tracker’s users have their own requirements under GDPR that are impacted by how they use Pivotal Tracker, and our global team is working diligently to take steps to comply with GDPR and to ensure our customers can comply with GDPR when using our service. We will continue to monitor GDPR developments and adjust our plans as necessary to stay current.

Some examples of steps that the Pivotal Tracker team are taking in order to satisfy GDPR requirements that are applicable to both Pivotal and our customers include:

  • Reviewing and documenting data flows that involve customer information, including what personal data is stored and for what period of time
  • Reviewing and removing any unnecessary handling and storage of data
  • Defining, documenting, and implementing a process to regularly review and audit the data we hold
  • Updating our privacy policy (see below)
  • Listing all GDPR-compliant subprocessors of personal data (see below)
  • Enabling the right to data portability
  • Defining, documenting, and implementing a process for handling “right to be forgotten” deletion requests
  • Executing Standard Contractual Clauses through our updated Data Processing Addendum in order to hold subprocessors to the same practices and standards to which we hold ourselves
  • Reviewing and documenting our data retention policy
  • Reviewing and documenting our process for handling security incidents
  • Providing data privacy education for the Tracker team
  • Carrying out data impact assessments and, if appropriate, consulting with EU regulators
  • Informing our users that we use cookies, stating what their purpose is, and obtaining and recording consent to use them
  • Ensuring explicit opt-in for marketing emails
  • Making it clear how to remove consent for cookies or marketing emails

CHANGES TO PIVOTAL’S PRIVACY POLICY

Pivotal’s current Privacy Policy is available here, and the updates are effective as of May 25, 2018. The changes include:

  • Broadening to apply to mobile actions and other interactions (e.g., customer service inquiries, user conferences, etc.)
  • For EEA-based customers, requiring explicit consent to the new terms
  • Offering European Union Model Clauses, also known as Standard Contractual Clauses, to meet security requirements of EEA-based customers
  • More detailed instructions for requests for access, correction, deletion or transfer of personal information, or withdrawal of consent to processing
  • Instructions for EEA residents to contact their local EU Data Protection Authorities

WHAT SPECIFIC INFORMATION DOES PIVOTAL TRACKER COLLECT ABOUT YOU AND HOW IS IT USED?

Given the nature of our service, Pivotal Tracker does not know if the content that a customer chooses to enter or upload into Pivotal Tracker is “personal data” as defined by the GDPR. For a further description of customer application data, see the Data Security information below.

Pivotal identifies personal information we collect about you and why in its Privacy Policy available here. Specifically, Pivotal will have access to the following information for users of Pivotal Tracker:

  • Email
  • Name
  • Username
  • Initials
  • Openid_email (if supplied by data subject)
  • IP address
  • Geographic location
  • Avatar photo (if supplied by data subject)

Pivotal may share the information above with certain third parties, in each case in compliance with applicable privacy laws. Pivotal uses this information so that:

  • Users can sign up for and use Pivotal Tracker
  • Users can be uniquely identified, so that their activity in Pivotal Tracker is visible to their teammates and logged for troubleshooting and auditing purposes
  • Their work in Pivotal Tracker can be searched for
  • Usage can be analysed, so that the impact of changes to Pivotal Tracker can be measured and monitored
  • Pivotal Tracker can be better enhanced to meet user needs
  • We can send email such as payment receipts, notifications of Pivotal Tracker activity, and the onboarding information and newsletters customers have consented to

INTERNATIONAL DATA TRANSFERS

In addition to our compliance efforts regarding the GDPR, Pivotal Tracker offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European Union, and other international transfers of customer data, in order to ensure that Pivotal is compliant with applicable data protection requirements if users transfer personal data using Pivotal Tracker from the EU to the United States.

WHAT THIRD PARTIES DO WE SHARE INFORMATION WITH?

To support delivery of our Service Offering, Pivotal Tracker may engage and use data processors with access to certain customer data (each, a “Subprocessor”). Pivotal Tracker’s Subprocessors include:

| Entity Name | Subprocessing Activities | Entity Country |
|---|---|---|
| Amazon Web Services (S3) | Cloud file attachment storage services | United States |
| Braintree, a service of PayPal Inc. | Payment processing services | United States |
| Marketo | Email service and marketing automation provider | United States |
| Emma | Email service provider | United States |
| Google Cloud Platform | Cloud service provider | United States |
| Google Analytics | User analytics service provider | United States |
| Google Stackdriver/BigQuery | Cloud-based log management services | United States |
| Hubspot, Inc. | Customer relationship management service provider | United States |
| Mixpanel, Inc. | User analytics service provider | United States |
| New Relic, Inc. | User analytics service provider | United States |
| SendGrid, Inc. | Cloud-based email notification services | United States |
| Zendesk, Inc. | Cloud-based customer support services | United States |

Our Subprocessors may change as our product evolves. We will endeavor to provide customers with notices of any new Subprocessors, and post such updates here.

DATA PORTABILITY SOLUTIONS AND DATA MANAGEMENT TOOLS

To assist our customers in their own efforts to comply with the GDPR, Pivotal Tracker provides the following tools:

  1. Pivotal Tracker project data can be exported to a CSV file or accessed via the API (by users with the correct permissions) in order to store or move it outside of Pivotal Tracker.
  2. Tracker user login profile data can be updated by the owner of the login profile. This includes name, initials, email address, and optional avatar photo. An open_id email address associated with a login can also be removed.
  3. Tracker user logins can be removed by contacting privacy@pivotal.io. of project and story activity intact in Tracker. This is to avoid confusion about who worked on stories in Tracker and allows an organization to audit activity accurately. However, a user can change their name and initials in their Tracker Profile before making the removal request.
  4. Pivotal Tracker accounts, projects, individual stories and attachments to those stories can all be deleted (by users with the correct permissions). Additional data deletion requests can be made by contacting privacy@pivotal.io.
  5. Data in Pivotal Tracker projects, stories and attachments to those stories can be corrected directly (by users with the correct permissions).

GO-FORWARD EFFORTS

Remaining compliant with the GDPR and applicable privacy laws requires ongoing review and iteration, and is of the utmost importance to Pivotal. The content of this document will be updated by Pivotal from time to time as more GDPR-related information becomes available. Should you have any questions, please do not hesitate to email us at privacy@pivotal.io.

PIVOTAL TRACKER AND DATA SECURITY AND RELIABILITY

The security and privacy of your personal, payment, and project information is very important to us. Tracker runs in an enterprise-grade hosting environment, we employ industry-standard means to protect your data, and all plans include SSL encryption. Credit card information is stored by Braintree, a highly trusted, Level 1 PCI DSS-compliant payment gateway and payment-processing provider.

DOES PIVOTAL PROCESS PERSONAL DATA OF ITS CUSTOMERS?

Yes. In order to provide the Pivotal Tracker offering, Pivotal processes customer personal data for the limited purposes set forth in our Privacy Policy.

WHERE IS TRACKER HOSTED, AND WHERE IS MY DATA LOCATED?

The Pivotal Tracker production environment runs in a multi-zone cluster within a Virtual Private Cloud (VPC) on Google Cloud Platform (GCP), in the US Central (Iowa) Region.

Pivotal Tracker relies on a number of high-availability, scalable GCP services, including Google Compute Engine for computing resources, Google Cloud Storage (GCS), Google Cloud CDN and Google Cloud SQL for data storage.

Pivotal Tracker utilizes Amazon Web Services (AWS) Scalable Storage System (S3) for file attachments.

Google Cloud Platform compliance and security documentation can be found on the Google Cloud Platform Security and Compliance site.

Amazon Web Services compliance and security documentation can be found on the AWS Compliance site.

Pivotal Tracker does not store any customer credit card information. Credit cards are stored in a secure manner by Braintree, our PCI-compliant payment processor and gateway, and are referenced by token only.

IS ANY CUSTOMER DATA STORED OUTSIDE OF THE UNITED STATES?

All Pivotal Tracker services run within GCP and AWS regions in the United States. No data is stored outside of the United States.

HOW IS ACCESS TO PROJECT DATA MANAGED?

Registered Pivotal Tracker users can create “projects” and invite other users to these projects (subject to free or paid plan limits). Users can only access projects that they were explicitly invited to by the project’s owners, or projects that were explicitly designated as “public” by their owner(s). More information on project member roles can be found here.

In order to access data in private projects that they have been granted membership in, users must sign in to the Pivotal Tracker website with a username and password (or their Google identity), access the API programmatically with a unique token, or use RSS and “webhook” activity feeds. API and RSS/webhook access to projects can be explicitly disabled by project owners.

Pivotal Tracker offers SAML-based Single Sign-on (SSO) as an option for enterprise customers.

APART FROM PROJECT OWNERS AND MEMBERS, WHO ELSE CAN ACCESS MY PROJECT DATA?

In addition to those explicitly invited to a project, the owner and administrators on the account that the project is part of can view project data and/or make changes to project memberships.

Public projects (i.e., projects that have the “public” access setting enabled by a project owner) can be seen (in read-only mode) by anyone on the Internet.

In enterprise accounts, project owners can designate their projects as “account visible.” Account-visible projects can be discovered and viewed by any member of that enterprise account.

Certain members of the dedicated Pivotal Tracker development and support team have access to data in the production environment, strictly for support and operations purposes. This level of access is granted to a subset of the dedicated Pivotal Tracker development and operations team, on a strict as-needed basis.

WHAT CONTROLS ARE IN PLACE TO PROTECT PIVOTAL TRACKER SERVERS AND DATA?

Access to the production environment (on GCP and AWS) is restricted to a small subset of the Pivotal Tracker development and operations team, who are all highly trusted, permanent Pivotal employees, located in the United States, Ireland, and the UK. Access is managed by Pivotal’s SSO system, with mandatory two-factor authentication (2FA).

All web and API requests to the Tracker application are logged and indexed, and include originating IP information.

All web and API access to Pivotal Tracker projects is exclusively via HTTP over SSL, with a 1024-bit RSA public key. Project data can be accessed via the API, using token authentication. API access is enabled for all projects by default, but may be disabled by project owners, account admins, and the account owner in Project Settings.

IS DATA ENCRYPTED AT REST?

Tracker project data is stored using GCP database services (CloudSQL), for which at-rest encryption is automatically provided.

In addition to at-rest encryption provided by GCP, we adhere to industry best practices with respect to secure password storage at the database level, currently via a bcrypt adaptive hash algorithm that incorporates “salting” to make brute-force attacks extremely difficult. Other credentials (e.g., those used for external integrations) are stored using two-way AES encryption.

File attachments are stored on a non-encrypted AWS S3 bucket.

HOW IS CUSTOMER DATA BACKED UP?

Pivotal Tracker utilizes the Google Cloud SQL High Availability configuration option, with daily backup capability provided by Google Cloud SQL for point-in-time recovery.

In addition, every 6 hours a backup is restored to a disaster recovery database in a separate GCP region (US West), which would allow us to rebuild the production environment from scratch in the case of a catastrophic region failure.

File attachments are stored on a single S3 bucket. Information about AWS S3 data reliability can be found here.

DOES PIVOTAL TRACKER HAVE A DISASTER RECOVERY PLAN?

The Pivotal Tracker dev-ops team maintains a documented disaster recovery process that involves internal contact and escalation procedures, user communication, hosting provider contact and escalation, as well as system recovery instructions.

Should the availability zone that hosts our database services go down, the primary instance fail, or any other event result in the primary database instance becoming unavailable, automatic failover will take place. During an event triggering automatic failover, the database would be unavailable for between one and two minutes while the secondary database is promoted to the primary.

In the event that we lose a Google Compute Engine availability zone (for our application and worker instances), the Pivotal Cloud Foundry PaaS provides automatic failover and will switch over to the next available zone. In the unlikely case of a complete region failure, a new PCF instance would be reinstalled by the Pivotal CloudOps team within 24-48 hours, using automated scripts, restoring the most recent periodic Google Cloud SQL database snapshot.

HOW RELIABLE IS PIVOTAL TRACKER, AND HOW CAN I MONITOR SYSTEM STATUS?

Pivotal Tracker is a mission-critical application for Pivotal, as well as for thousands of companies around the entire world. We invest heavily in making Tracker as reliable as possible, and as a result, outages (planned or unplanned) of Pivotal Tracker are extremely rare. Uptime is typically 99.9% or above. You can check Pivotal Tracker’s current system status, as well as historical uptime, on our system status monitoring page here.

In the rare case that a planned downtime is necessary for maintenance that cannot be performed on a rolling basis, customers are notified via in-application messaging multiple days in advance, and the maintenance is scheduled at a time with least possible impact on high-usage periods across all time zones.

HOW DO YOU RESPOND TO KNOWN SECURITY VULNERABILITIES?

From time to time, vulnerabilities in widely used software tools and libraries are identified that could lead to undesirable exploits. The Pivotal Tracker team monitors various sources, including internal Pivotal IT security announcements, for new discoveries of such vulnerabilities, and takes immediate action to address any that affect Tracker.

Security patches and updates are applied continuously, and we have enabled automatic maintenance updates for our GCP resources.

HOW IS PIVOTAL TRACKER TESTED FOR POTENTIAL SECURITY VULNERABILITIES?

Pivotal periodically uses third-party security firms to perform security assessments of Tracker. These assessments are performed at a minimum of once a year. Any resulting findings are prioritized and addressed according to Pivotal’s policies and industry best practices. Although specific results from these assessments cannot be provided to customers, upon request Pivotal may share information with customers about its testing methodology and scope of its security assessments.

Due to the multi-tenant nature of the environment, customer security assessment of Tracker is not permitted.

If you have any questions about the security program for Tracker, contact us at tracker@pivotal.io.

WHAT DEVELOPMENT PROCESS DOES THE PIVOTAL TRACKER TEAM FOLLOW?

The Pivotal Tracker development team follows Pivotal Labs agile development practices, based on the Extreme Programming methodology. All code is test driven, leading to very high test coverage, and all developers work in pairs (two developers, one computer) as the default. We run tests and builds continuously, using Continuous Integration and Continuous Delivery (CI/CD) tools and practices. Pivotal Tracker and GitHub are used for all software development, providing a fine-grained, living audit trail of all product decisions, resulting code changes, and releases to the production environment.

All Pivotal Tracker development and operations work is done in-house; we do not utilize any outsourcing.

IS PIVOTAL TRACKER CERTIFIED TO ANY DOCUMENTED STANDARDS (E.G., ISO 27001, SSAE16 SOC-1, SOC-2, GSA, PCI, OR HIPAA)?

Pivotal Tracker does not currently conform to any formal process documentation standards or certifications.

HOW CAN I GET MORE INFORMATION?

For any questions or additional information, please email tracker@pivotal.io.

Disclaimer: This document is provided for informational purposes only and represents Pivotal’s current offerings as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Pivotal’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Pivotal, its affiliates, suppliers or licensors. The responsibilities and liabilities of Pivotal to its customers are controlled by Pivotal agreements, and this document is not part of, nor does it modify, any agreement between Pivotal and its customers.
