Skip to main content

Data Processing Scope

Nextedy Apps process only the data that exists within Polarion. The scope is limited to:
  • Work item fields — Reading and writing field values (e.g., risk ratings, requirements text, status)
  • Work item links — Creating and querying traceability links between items
  • Document structure — Rendering and organizing LiveDoc content
  • Configuration — Reading project-level sheet and model configurations from the .polarion/ directory
Nextedy Apps do not:
  • Collect personally identifiable information (PII) beyond what Polarion already stores
  • Create or maintain separate user databases or user profiles
  • Transmit data to external services, analytics platforms, or third-party APIs
  • Store data outside of Polarion’s storage layer
  • Track user behavior, usage patterns, or telemetry

Personal Data in Polarion

Polarion stores user information as part of its standard operation (usernames, email addresses, role assignments, activity history). Nextedy Apps may read this data — for example, displaying the author of a work item or the assignee of a task — but only within the Polarion user interface and only for users who have permission to see it. Nextedy Apps do not copy, export, or aggregate this personal data. The data remains in Polarion and is subject to Polarion’s access control.

GDPR Compliance

Because Nextedy Apps do not independently collect, store, or process personal data, GDPR compliance is managed at the Polarion platform level:
GDPR RequirementHow It Is Addressed
Lawful basis for processingDetermined by the customer’s Polarion deployment and data processing agreements
Data subject rights (access, rectification, erasure)Handled through Polarion’s user management and data administration tools
Data protection by designNextedy’s architecture ensures no additional PII processing beyond Polarion
Data processing agreementsBetween the customer and Siemens (for Polarion X) or managed internally (for on-premise)
Data breach notificationCovered by Nextedy’s incident management process for app-related issues; platform-level breaches handled by the infrastructure owner
Nextedy does not act as an independent data controller or data processor. The app operates as a component of the Polarion platform, which is governed by the customer’s existing data protection framework.

Data Residency

  • On-premise deployments — The customer has full control over data residency. All Polarion data, including data managed by Nextedy Apps, resides on the customer’s own infrastructure in the jurisdiction of their choice.
  • Polarion X deployments — Data residency is determined by the Siemens Polarion X hosting region selected by the customer. Nextedy Apps do not influence or override the hosting region.
In both cases, no data is transmitted outside the Polarion environment by Nextedy Apps.

No Third-Party Data Sharing

Nextedy Apps do not share data with any third party. There are no:
  • Analytics or tracking integrations
  • Advertising or marketing data flows
  • External API calls from the app to non-Polarion services
  • Telemetry or usage reporting to Nextedy servers
The app operates entirely within the Polarion server boundary.