Data Usage and Permissions Policy

This privacy policy describes the data we collect when you use our website. In collecting this information, we act as a data controller and, by law, we must provide information about us, why and how we use your data, and the rights you have.

Who are we?

We are KODUS, CNPJ 32.774.570/0001-25. We are located at Rua Joaquim Anacleto Bueno, 1-20, Bauru – SP. You can contact us at our physical address, or by email at contato@kodus.io.

We also have a data protection officer, so any questions or requests regarding the use of your personal data should be directed to our data manager:

Cookies

When you use our site to browse our products and services and view the information we provide, we and third parties use various cookies to enable the site to function and to collect useful information about visitors, which helps improve your user experience.

Some of the cookies we use are strictly necessary for the operation of our website, and we do not ask for your consent to place them on your computer.

However, for cookies that are useful but not strictly necessary, we will always ask for your consent before collecting them.

When you send a message through our website

When you send an inquiry/response through our website, we request your name, contact phone, and email.

We use this information to respond to your inquiry, including providing information requested about our products and services.

We may also email you several times after your inquiry to follow up on your interest and ensure that we have responded satisfactorily. We do this based on our legitimate interest in providing accurate information.

Your inquiry is stored on our server and will be processed only as a result of your request via our website.

We do not use the information you provide to make any automated decisions that may affect you.

We keep your inquiry email for two years, after which it is archived and kept securely for five years, after which we delete it. CRM records are kept for three years after the last contact with you.

Your rights as a data subject

By law, you can ask us what information we have about you, and you can ask us to correct it if it is inaccurate. If we have requested your consent to process your personal data, you may withdraw this consent at any time, as well as request data deletion.

If we are processing your personal data for reasons of consent or to fulfill a contract, you may ask us for a copy of the information in a readable format so that you can transfer it to another provider. You can also request the deletion of your data.

You have the right to ask us to stop using your information for a period if you believe that we are not doing so legally.

To send a request about your personal data by email, mail, or phone, use the contact information provided above.

Your right to complain

If you have a complaint about the use of your information, we prefer that you contact us directly so that we can address your complaint.

Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy as our services and use of personal data evolve. If we want to use your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, request your consent.

We will update the version number and date of this document every time it is changed.

AI Training

We do not use your data to train external Large Language Models (LLMs). It is worth noting that we employ OpenAI’s API for some natural language processing functionalities, and according to OpenAI’s data policy, data transmitted through the API is not retained or used to train its AI models.

Safe Handling and Use of Your Data

🔒 All our integrations are performed via API, adhering to the OAuth2 standard, which is renowned for providing high levels of security to your data. You maintain full control over the permissions granted, being able to adjust or revoke access at any time.

All interactions with integrated platforms are conducted securely via API, using the HTTPS protocol to ensure the integrity and confidentiality of transmitted data.

The data collected serves as the foundation for:

  • Best Practices Diagnosis;
  • Engineering and Agility Metrics;
  • Automations;
  • Agents.

We highlight that we do not store raw data from integrated platforms. All retained data has already undergone a processing phase, maintaining only the crucial information for the generation and maintenance of the desired artifacts. This practice aims to minimize data retention, reaffirming our commitment to the privacy and security of user data.

Application and Data Security Assurance

We use Amazon Web Services (AWS) cloud services to ensure the security, integrity, and availability of our application and users’ data. AWS is a recognized cloud service platform that provides robust IT infrastructure and meets the highest standards of security and compliance.

AWS’s security certifications and assurances, such as ISO 27001, SOC 1, and SOC 2, allow us to create a secure environment to process and store data. Data is protected by robust access control mechanisms and encryption, both in transit and at rest, ensuring the privacy and security of users’ data at all times.

We continue to adhere to best practices in security and compliance, ensuring strict control and monitoring of data access.

Use of data from integrations

🔒 Jira has a particularity: to retrieve a piece of information, we need the full set of scopes that cover that information. For example, to read an issue, we need permission for all scopes related to issues.

  • jira-work
    • What it does: Enables reading of work information linked to issues.
    • Type: Read
    • Why we use it: Essential to obtain user details, list all projects, access Jira columns, list cards in columns organized by column name, view user comments on the board, view a specific card on the Jira board, and create a webhook to monitor if the card was reinserted on the board.
  • issue-type:jira
    • What it does: Enables reading of issue types.
    • Type: Read
    • Why we use it: Necessary to list all projects and access the Jira columns.
  • project:jira
    • What it does: Enables reading of project-related information.
    • Type: Read
    • Why we use it: Necessary to list all projects and create a webhook to monitor if the card was reinserted on the board.
  • project.property:jira
    • What it does: Enables reading of properties associated with projects.
    • Type: Read
    • Why we use it: Necessary to list all projects.
  • user:jira
    • What it does: Enables reading of user information.
    • Type: Read
    • Why we use it: Necessary to list all projects and view a specific card on the Jira board.
  • application-role:jira
    • What it does: Enables reading of information about application roles in Jira.
    • Type: Read
    • Why we use it: Necessary to list all projects and all users.
  • avatar:jira
    • What it does: Enables reading of avatars (profile images).
    • Type: Read
    • Why we use it: Necessary to list all projects, all users, view cards in columns organized by column name, view user comments on the board, and view a specific card on the Jira board.
  • group:jira
    • What it does: Enables reading of information about groups.
    • Type: Read
    • Why we use it: Necessary to list all projects and all users.
  • issue-type-hierarchy:jira
    • What it does: Enables reading of issue type hierarchies.
    • Type: Read
    • Why we use it: Necessary to list all projects.
  • project-category:jira
    • What it does: Enables reading of project categories.
    • Type: Read
    • Why we use it: Necessary to list all projects.
  • project-version:jira
    • What it does: Enables reading of project versions.
    • Type: Read
    • Why we use it: Necessary to list all projects.
  • project.component:jira
    • What it does: Enables reading of project components.
    • Type: Read
    • Why we use it: Necessary to list all projects.
  • jira-user
    • What it does: Similar to read:user:jira, enables reading of user information.
    • Type: Read
    • Why we use it: Necessary to obtain user details and list all users.
  • issue-details:jira
    • What it does: Enables reading of specific issue details.
    • Type: Read
    • Why we use it: Necessary to list the cards present in columns organized by column name.
  • audit-log:jira
    • What it does: Enables reading of the audit log.
    • Type: Read
    • Why we use it: Necessary to list the cards present in columns organized by column name and view user comments on the board.
  • field-configuration:jira
    • What it does: Enables reading of field configurations.
    • Type: Read
    • Why we use it: Necessary
  • issue-meta:jira
    • What it does: Enables reading of metadata associated with issues.
    • Type: Read
    • Why we use it: Necessary to list the cards present in columns organized by column name, view user comments on the board, and view a specific card on the Jira board.
  • issue-security-level:jira
    • What it does: Enables reading of security levels associated with issues.
    • Type: Read
    • Why we use it: Necessary to view a specific card on the Jira board.
  • issue.vote:jira
    • What it does: Enables reading of votes associated with issues.
    • Type: Read
    • Why we use it: Necessary to view a specific card on the Jira board.
  • issue.changelog:jira
    • What it does: Enables reading of the issue changelog (change history).
    • Type: Read
    • Why we use it: Necessary to view a specific card on the Jira board.
  • issue:jira
    • What it does: Enables reading of issues.
    • Type: Read
    • Why we use it: Necessary to view a specific card on the Jira board.
  • status:jira
    • What it does: Enables reading of statuses.
    • Type: Read
    • Why we use it: Necessary to access the Jira columns and view a specific card on the Jira board.
  • issue-status:jira
    • What it does: Enables reading of the status associated with issues.
    • Type: Read
    • Why we use it: Necessary to access the Jira columns.
  • jira-webhook
    • What it does: Enables webhook management.
    • Type: Management
    • Why we use it: Necessary to create a webhook to monitor if the card was reinserted on the board.
  • field:jira
    • What it does: Enables reading of fields.
    • Type: Read
    • Why we use it: Necessary to create a webhook to monitor if the card was reinserted on the board.
  • webhook:jira
    • What it does: Enables the creation or modification of webhooks.
    • Type: Read and Write
    • Why we use it: Necessary to create a webhook to monitor if the card was reinserted on the board.
  • board-scope.admin:jira-software
    • What it does: Enables viewing of boards coming from Jira (column configuration).
    • Type: Read
    • Why we use it: To check the configuration of the Jira boards.

Bot Token Scopes

  • app_mentions:read
    • What it does: Views messages that directly mention @Kody in conversations where the app is present.
    • Type: Read
    • Purpose: Enables the bot to identify and respond to messages where it was mentioned.
  • channels:history
    • What it does: Views messages and other content in public channels that include Kody.
    • Type: History
    • Purpose: Provides context to the bot when activated, allowing relevant responses.
  • channels:join
    • What it does: Allows entry into public channels of a workspace.
    • Type: Write
    • Purpose: Enables the bot to join channels as needed.
  • chat:write
    • What it does: Sends messages as @Kody.
    • Type: Write
    • Purpose: Enables the bot to send messages to groups, channels, or direct conversations on behalf of the user Kody when requested.
  • commands
    • What it does: Adds shortcuts and/or commands that people can use.
    • Type: Read and Write
    • Purpose: Activates commands within the company’s workspace.
  • groups:history
    • What it does: Views messages and other content in private channels that include Kody.
    • Type: History
    • Purpose: Facilitates integrations that respond or initiate actions in other systems in private channels.
  • im:history
    • What it does: Views messages and other content in direct messages that include Kody.
    • Type: History
    • Purpose: Provides context to the bot for responses in direct messages.
  • im:read
    • What it does: Views basic information about direct messages that include Kody.
    • Type: Read
    • Purpose: Enables the bot to respond to direct messages.
  • mpim:history
    • What it does: Views messages and other content in group direct messages that include Kody.
    • Type: History
    • Purpose: Provides context to the bot for responses in group messages.
  • users:read
    • What it does: Views users in a workspace.
    • Type: Read
    • Purpose: Allows viewing user information and responding appropriately when requested.
  • channels:read
    • What it does: Views information about public channels in the workspace.
    • Type: Read
    • Purpose: Allows viewing the list of channels present on Slack.

User Token Scopes

  • users:read
    • What it does: Views users in a workspace.
    • Type: Read
    • Purpose: Views people in a workspace, used during team setup.
  • users.profile:read
    • What it does: Views details about people in the workspace.
    • Type: Read
    • Purpose: Allows reading information from the profiles of people in the workspace, used in the Slack setup process.

  • Repository
    • Commit statuses
      • Read access to the commit statuses.
      • Type: Read
      • Why we use it: We do not need this; it is used to check the commit status so that, for example, a message can be sent to someone if there is a failure.
    • Contents
      • Read access to the repository content.
      • Type: Read
      • Why we use it: We do not need this (it allows GitHub to read the code of the repository).
    • Metadata → Mandatory Permission
      • Read access to the repository’s metadata.
      • Type: Read
      • Why we use it: Accesses non-critical data of the repository without intrusion, but it is used for purposes that, to my knowledge, we will not use (such as counting the number of repositories, observing the frequency of new repository creation, or analyzing metadata to understand trends).
  • Organization
    • Members
      • Read access to the members of the organization.
      • Type: Read
      • Why we use it: We need it to have information about who is in the organization and to be able to select the @ of each member during the flow.