Hipchat: Right to data portability

Under limited circumstances, Article 20 of the GDPR allows a data subject to make a request of a data controller to transfer their personal data to another service provider. The right of the data subject to make this request under Article 20 is highly contextual and you should seek the advice of legal counsel in processing any such request. If you do require the ability to provide personal data in a format as required under Article 20, we suggest you use the content export functions available within the product to do so.

Description

The following document describes how the data that may contain user personal data stored by Hipchat can be exported by Administrator or by the Data Subject in machine-readable format (JSON).

Workaround

In this process, you will create an API token for Hipchat which you will use to export your data.

in Hipchat Data Center in Hipchat Server
  1. Log in to your Hipchat instance.
  2. Click My Account in the left navigation bar.
  3. Click the API tokens tab. You may need to confirm your password to continue.
  4. Locate the Create new token section.
  5. In the Label field, enter a new token name, for example MyGDPR.
  6. Choose the View Group scope for your new token
  7. Click Create.
  8. Copy the new API token to your clipboard.
  1. Log in to your Hipchat instance.
  2. Click the  Edit Profile button.
  3. Click the API access tab. You may need to confirm your password to continue.
  4. Locate the Create new token section.
  5. In the Label field, enter a new token name, for example MyGDPR.
  6. Choose the View Group scope for your new token
  7. Click Create.
  8. Copy the new API token to your clipboard.

Next, switch to the command line to complete the export.

  1. Issue the following API request using the curl utility, replacing the placeholders in the sample below with the real values.

    Placeholder Explanation Example
    $MY_INSTANCE_FQDN The domain name of your Hipchat instance hipchat.example.com
    $MY_EMAIL Email address of the user to export
    (This will be your email, unless you are Hipchat Administrator exporting data for another user.)
    user@example.com
    $API_TOKEN The new API token you generated in the previous steps.
    curl command example
    curl https://$MY_INSTANCE_FQDN/v2/user/$MY_EMAIL?auth_token=$API_TOKEN
  2. You'll see the user data output in machine readable (JSON) format, like the following example.

    Example user data in JSON format
    {
      "created": "2015-05-27T04:19:21+00:00",
      "email": "user@example.com",
      "group": {
        "id": 1,
        "links": {
          "self": "https://hipchat.example.com/v2/group/1"
        },
        "name": "Coconut"
      },
      "id": 2664,
      "is_deleted": false,
      "is_group_admin": true,
      "is_guest": false,
      "last_active": "2018-05-01T21:45:15+0000",
      "links": {
        "self": "https://hipchat.example.com/v2/user/2664"
      },
      "mention_name": "JaneDoe",
      "name": "Jane Doe",
      "photo_url": "https://hipchat.example.com/files/photos/2664/rNCwB3hh5YRWtbJ_125.jpg",
      "presence": {
        "client": {
          "type": "http://hipchat.com/client/web",
          "version": "4.31.2"
        },
        "is_online": true,
        "show": "chat"
      },
      "roles": [
        "admin",
        "user"
      ],
      "timezone": "America/Chicago",
      "title": "",
      "version": "J4Y64M87",
      "xmpp_jid": "1_2664@hipchat.example.com"
    }

Limitations

  • Third party add-ons may store user personal data in their own data stores, and this document does not cover those cases.
  • The personal data in the Audit Log is not accessible via API for security reasons, and cannot be exported in machine-readable format. Only Hipchat Administrators have access to Audit Log. If a users requires this data, they can request it from the Hipchat Administrator.

Additional notes

There may be limitations based on your product version.

Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.

Third-party add-ons may store personal data in their own database tables or on the filesystem.

The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.

If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.

Last modified on May 11, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.