All posts by Kerika

About Kerika

Kerika is work management for Lean, Agile and Distributed Teams.

Updates to our Privacy Policy

We are making some changes to our Privacy Policy to get ready for some new analytics work we are planning to do. Here’s a summary of what’s changing, and why.

Using Amplitude for Product Analytics

We will use Amplitude to help us understand better how our users actually use Kerika, so that we can make better product decisions. In order to use Amplitude’s analytics, we need to send this information to their servers:

  1. An internal Kerika User ID: it is not your name, email or any other personal information.
  2. A device ID: this identifies each session, and doesn’t include any personal information either.
  3. Events (mouse clicks) that take place when someone uses Kerika: they tell us which parts of the Kerika software are being used, how often, and in which sequence.

Here’s an example:

Amplitude-data
Amplitude data

On the left side of this screen we can see that this user has been creating a series of boards, and that that our server had a fast response each time. We can see from the right side this was in California; if someone else were to complain about Kerika being slow, we could determine if it is a regional problem or a global one.

We have signed a strong protection agreement with Amplitude to protect our users’ privacy; you can find it online here.

Using Sentry for Error Tracking

We use Sentry to help us track and debug errors because we want to fix every single error that occurs, even when users don’t notice anything. (Which they don’t, 95% of the time .)

Using Sentry helps Kerika log every single thing that goes wrong. Here’s an example:

Example of Sentry Error
Example of Sentry Error

This example is of a temporarily broken connection. No one actually complained because Kerika restores connections automatically, but it’s still useful for us to know where inside the Kerika app the error was detected (the URL), and the context of the user:

  • IP Location helps us understand whether there is a regional problem or a global one.
  • Browser and operating system is very helpful in debugging problems that lurk within specific browser versions. In this example, the user is using a very outdated version of Firefox (v68 instead of v73).

Using Google for Website Analytics

This hasn’t changed in years, but we thought we would reiterate it here so you have a complete picture of your privacy protections. We use Google Analytics to help us understand how people find us and which parts of the website are browsed most often.

It turns out that even though we have over a hundred website pages, just a few ever get visited. Oh, well.

Guarding against XSS code injection

We had posted earlier about making sure that (malicious) users cannot inject code into Kerika, in any of the areas where user input is possible.

Here’s the complete list of user actions that we are checking for XSS injecton now:

  1. Board Name
  2. Board Description
  3. Template Name
  4. Template Description
  5. Tag Name
  6. Card Attachment Name
  7. Board Attachment Name
  8. Card Chat
  9. Board Chat
  10. Column Name
  11. Task Name/Detail
  12. Canvas Text
  13. Canvas Attachment Name
  14. Canvas Shape/Object Name
  15. Account Name
  16. Account Billing Information
  17. User’s Name