VMware, Inc.

United States

We retain all project and story data indefinitely—regardless of account or subscription payment status—until a given account is explicitly deleted by the account owner, or an account administrator, using the delete this account link on the Account Settings page. Activity history for stories and projects are retained for 25 months, however only the last 6 months of history are displayed for projects in accounts on free, startup and standard plans. Projects in Enterprise accounts can access all available history. We retain all user login profile data indefinitely—regardless of account or subscription payment status—until a request is made to support@pivotaltracker.com to remove it. Please see “Deleting and removing your data” below for more details.

When an account is deleted by the account owner or an account administrator, all contained project data is deleted and is no longer accessible. Pivotal Tracker accounts, projects, individual stories and attachments to those stories can all be deleted (by users with the correct permissions). Additional data deletion requests can be made by contacting privacy@vmware.com. All deleted story, project and account data is subject to permanent removal from the Tracker database 90 days after online deletion. Tracker user logins can be removed by contacting support@pivotaltracker.com. We retain the name and initials in order to keep the history of project and story activity intact in Tracker. This is to avoid confusion about who worked on stories in Tracker and allows an organization to audit activity accurately. However a user can change their name and initials in their Tracker Profile before making the removal request. All deleted login data is subject to permanent removal from the Tracker database 30 days after deletion.

Tracker project data is stored using GCP database services (CloudSQL), for which at-rest encryption is automatically provided. In addition to at-rest encryption provided by GCP, we adhere to industry-best practices with respect to secure password storage at the database level, currently via a bcrypt adaptive hash algorithm that incorporates “salting” to make brute-force attacks extremely difficult. Other credentials (e.g., those used for external integrations) are stored using two-way AES encryption. File attachments are stored on an encrypted AWS S3 bucket.

United States

The Pivotal Tracker production environment runs in a multi-zone cluster within a Virtual Private Cloud (VPC) on Google Cloud Platform (GCP), in the US Central (Iowa) Region. Pivotal Tracker relies on a number of high-availability, scalable GCP services, including Google Compute Engine for computing resources, Google Cloud Storage (GCS), Google Cloud CDN and Google Cloud SQL for data storage. Pivotal Tracker utilizes Amazon Web Services (AWS) Scalable Storage System (S3) for file attachments. Google Cloud Platform compliance and security documentation can be found on the Google Cloud Platform Security and Compliance site. Amazon Web Services compliance and security documentation can be found on the AWS Compliance site. Pivotal Tracker does not store any customer credit card information. Credit cards are stored in a secure manner by Stripe, our PCI-compliant payment processor and gateway, and are referenced by token only.

Google Cloud Platform

yes

Tracker user logins can be removed by contacting privacy@vmware.com. We retain the name and initials in order to keep the history of project and story activity intact in Tracker. This is to avoid confusion about who worked on stories in Tracker and allows an organization to audit activity accurately. However a user can change their name and initials in their Tracker Profile before making the removal request. Pivotal Tracker accounts, projects, individual stories and attachments to those stories can all be deleted (by users with the correct permissions). Additional data deletion requests can be made by contacting privacy@vmware.com.

no

yes

yes

tracker@pivotal.io

yes

yes

no

no

no