Data Processing Scope
Nextedy products process only the data that exists within Polarion. The scope is limited to:- Work item fields — Reading and writing field values (e.g., risk ratings, requirements text, status)
- Work item links — Creating and querying traceability links between items
- Document structure — Rendering and organizing LiveDoc content
- Configuration — Reading project-level sheet and model configurations from the
.polarion/directory
- Collect personally identifiable information (PII) beyond what Polarion already stores
- Create or maintain separate user databases or user profiles
- Transmit data to external services, analytics platforms, or third-party APIs
- Store data outside of Polarion’s storage layer
- Track user behavior, usage patterns, or telemetry
Personal Data in Polarion
Polarion stores user information as part of its standard operation (usernames, email addresses, role assignments, activity history). Nextedy products may read this data — for example, displaying the author of a work item or the assignee of a task — but only within the Polarion user interface and only for users who have permission to see it. Nextedy products do not copy, export, or aggregate this personal data. The data remains in Polarion and is subject to Polarion’s access control.GDPR Compliance
Because Nextedy products do not independently collect, store, or process personal data, GDPR compliance is managed at the Polarion platform level:
Nextedy does not act as an independent data controller or data processor. Each product operates as a component of the Polarion platform, which is governed by the customer’s existing data protection framework.
Data Residency
- On-premise deployments — The customer has full control over data residency. All Polarion data, including data managed by Nextedy products, resides on the customer’s own infrastructure in the jurisdiction of their choice.
- Polarion X deployments — Data residency is determined by the Siemens Polarion X hosting region selected by the customer. Nextedy products do not influence or override the hosting region.
No Third-Party Data Sharing
Nextedy products do not share data with any third party. There are no:- Analytics or tracking integrations
- Advertising or marketing data flows
- External API calls from the products to non-Polarion services
- Telemetry or usage reporting to Nextedy servers