User Agreement
On the User Agreement page in YouTrack, you can store a user agreement that is presented to users who log in to YouTrack. This lets you collect and track individual acceptance of an information notice, such as a set of terms and conditions or privacy policy. Use this feature to inform users of your policy for handling the personal data that is stored in YouTrack as outlined in the General Data Protection Regulation (GDPR) requirements for businesses that operate in EU member states.
Format User Agreement Text
YouTrack lets you format your user agreement using Markdown.
The user agreement supports the standard Markdown implementation as described in the CommonMark specification. Many of the extensions that are supported in issue fields are not available here. For details, see Markdown Syntax.
Enable a User Agreement
The purpose of this feature is to provide you with a means of collecting and tracking individual acceptance of your agreement or policy for handling personal information that is stored in YouTrack. When you enable the user agreement:
All users who log in to YouTrack are presented with the agreement. The agreement text is displayed as shown in the preview pane on the User Agreement page.
Users are presented with the option to accept or decline the agreement when they first log in after the agreement is enabled. If the agreement exceeds the amount of visible space in the dialog, the option to accept the agreement is not enabled until the user scrolls to the last line of the agreement.
Users who accept the agreement are granted access to YouTrack. The version number and date of acceptance are recorded in the profile of each user who accepts the agreement.
If a user declines the agreement, the user is logged out of YouTrack. To access the service, the user must log in again and accept the agreement.
To enable a user agreement:
From the Administration menu, select .
Enter or paste your agreement text in the input field.
You can format your agreement text using Markdown syntax.
The preview pane on the right displays the text as it will be shown in the agreement dialog.
Note that the agreement dialog only displays the agreement text and the buttons to Accept or Deny the agreement.
When you are ready to publish the agreement, click the Save button.
The user agreement is saved as a new minor version.
If you want to track acceptance for user accounts who access YouTrack using the REST API, enable the Require for REST API access option. For more information, see REST API Access and External Integrations.
Click the Enable agreement button.
The user agreement is enabled.
All users who log in to your YouTrack installation are presented with the agreement.
Users must accept the agreement to access the service.
The date of acceptance and version number of the current agreement are stored in the user profiles of users who accept the agreement.
Update the User Agreement
If you have minor updates to the user agreement that do not materially affect your practices with regard to the personal information that you have previously collected from users, you can edit the agreement text and publish a new minor version. Users who have accepted the previous minor version are not asked to accept the new version. Only users who have not accepted the previously published version of the agreement are presented with the updated version of the agreement.
To publish a new minor version of the agreement:
From the Administration menu, select .
Edit your agreement text in the input field.
Click the Save button.
Your user agreement is saved as a new minor version.
The date of acceptance and version number of the updated agreement are stored in the user profiles of users who accept the agreement.
If you change your strategy for handling personal information to include activities that were not disclosed in a previous version, you can update the agreement text and invalidate the current version. All users, including users who accepted the previous version of the agreement, are asked to accept the updated agreement to use the YouTrack service.
To publish a new major version and invalidate the previous agreement:
From the Administration menu, select .
Edit your agreement text in the input field.
Select the Invalidate current agreement option.
Click the Save button.
Confirm the action in the Invalidate Current Agreement dialog.
Your user agreement is saved as a new major version.
The previous version of the agreement is invalidated.
All users are asked to accept the updated agreement on their next attempt to log in to YouTrack.
The date of acceptance and version number of the updated agreement are stored in the user profiles of users who accept the agreement.
Tracking Changes to the User Agreement
To prove that you are working within the guidelines for data processing in case of an incident, you need to track each version of the user agreement and its date of publication. While YouTrack provides the interface for presenting an agreement and tracking its acceptance on a per-user basis, it is not intended for use as a version tracking tool. Instead, YouTrack gives you the option to download the agreement text. This lets you record the publication of this information together with agreements that you track for other sites in a central repository.
The following options are available from the Download menu in the header:
Option | Description |
---|---|
.txt | Downloads the current version of the agreement as a text file. The file contains the agreement text as formatted in Markdown syntax as it is shown in the input field on the User Agreement page. |
.html | Downloads the current version of the agreement in raw HTML. |
You can also track all the changes that have been applied to your user agreement in YouTrack.
To track changes to your user agreement:
From the Administration menu, select .
Click the Changes applied to User Agreement link in the header.
YouTrack opens the Audit Events page.
The page is filtered to show only events that are related to the user agreement.
To browse changes to the agreement, select an event from the list and view the changes in the Details sidebar. The sidebar displays the Author, Timestamp, and a set of Changes that were applied to the agreement.
To export the complete set of changes that have been applied to the agreement, select all the audit events and click the Download as .json button.
An
events.json
file downloads to your local directory.This file contains a complete list of all the changes that have been applied to the user agreement in JSON format.
Tracking User Acceptance
Another means of proving that you work within the guidelines for data processing is the ability to track user acceptance of the agreement. In YouTrack, this information is displayed in the Hub account for each user.
The YouTrack profile displays the latest version of The following information is recorded in YouTrack:
If the user has not yet accepted an agreement, the User agreement shows that acceptance of the current version is pending.
If a user has accepted the current version of the agreement, the User agreement displays the accepted version number and the date and time when the user accepted the agreement.
If the user accepted a version of the agreement that has been invalidated, the User agreement shows the version number and date and time of the previously accepted version. The field also shows that acceptance of the current version is pending.
REST API Access and External Integrations
This User Agreement feature includes an option to require acceptance of the agreement to access YouTrack using the REST API. When enabled, user accounts that are created for integration or automation purposes can be blocked when the agreement is enabled or updated. This can result in unexpected login failures for external applications that are integrated with YouTrack.
If you enable the Require for REST API access option, you need to log every integration user into YouTrack through the user interface after the user agreement is enabled. You must also do the same every time the current version of the agreement is invalidated and replaced with a new major version.
If you wish to avoid this annoyance, disable the Require for REST API access option.