Privacy Policy

Last Updated: May 10, 2025

Introduction

IO Technology, LLC ("IO Technology," "we," "our," or "us") is committed to protecting your privacy and the security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our "Issue Merger for JSM" application and related services (collectively, the "Services") available through the Atlassian Marketplace.

Our Services are built on Atlassian Forge using the "Runs on Atlassian" deployment model. This means all application code execution and primary data processing occur entirely within Atlassian's secure infrastructure, providing enhanced security and compliance.

By accessing or using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Information We Process

Due to the "Runs on Atlassian" model, our application primarily processes data that already resides within your Jira instance. We do not operate separate databases or servers to store your Jira issue data.

1. Jira Issue Data (Customer Data):

  • When you use the Issue Merger for JSM, the application accesses and processes data from the Jira issues you select for merging. This includes, but is not limited to:

  • Issue fields (summary, description, assignee, reporter, priority, labels, custom fields, etc.)

  • Comments

  • Attachments

  • Issue links and history (as needed to perform the merge)

  • This data is accessed via Atlassian Forge's APIs, processed in memory during the merge operation, and used to update the target Jira issue as per your selections.

  • The app does not store a separate, persistent copy of your Jira issue content (fields, comments, attachment content) outside of the Atlassian infrastructure.

2. Configuration Data:

  • We store application-specific configuration data necessary for the app's operation, such as:

  • Authorized user groups for accessing the app.

  • Logging level preferences (e.g., verbose logging toggle).

  • This configuration data is stored securely within the Atlassian Forge storage allocated to the application.

3. Usage and Diagnostic Information (Log Data):

  • To provide, maintain, and improve our Services, and for troubleshooting purposes, our application generates logs. These logs may include:

  • Information about app invocation (e.g., which user initiated a merge, timestamp).

  • Details of the merge operation (e.g., source and target issue keys, fields selected for merge, number of comments/attachments processed).

  • Error messages and diagnostic information if an operation fails.

  • Anonymized or aggregated usage statistics regarding feature utilization.

  • We strive to minimize personal data in logs. While issue keys or user identifiers (like Atlassian Account ID) might be logged for diagnostic context, we avoid logging the actual content of sensitive issue fields (like full descriptions or comment bodies) unless explicitly configured for verbose debugging by an administrator and then only for temporary troubleshooting. Attachment content is never logged.

  • This log data is processed and stored within Atlassian's infrastructure (e.g., Atlassian's managed app logging services).

4. Information Provided by Atlassian:

  • When you install and use our Services via the Atlassian Marketplace, Atlassian provides us with certain information necessary for the app to function and for license management, such as:

  • Your Atlassian Account ID (for user identification within Forge).

  • Information about your Jira instance (e.g., instance URL, license status for our app).

  • Contextual information when the app is invoked (e.g., the issue key or project key from which the app is opened).

How We Use Your Information

We use the information we process for the following purposes:

  • To Provide and Maintain the Services: Primarily to perform the issue merging functionality as directed by you. This includes reading data from source issues, processing your selections, and updating the target issue.

  • To Manage Your App Configuration: To store and apply settings like authorized groups and logging preferences.

  • To Provide Customer Support: To respond to your inquiries and assist with troubleshooting, which may involve reviewing diagnostic logs (within Atlassian's infrastructure).

  • To Improve Our Services: To monitor application performance, identify bugs, analyze usage patterns (typically in an aggregated or anonymized form), and enhance features.

  • To Ensure Security and Compliance: To enforce our terms, prevent fraudulent activity, and adhere to Atlassian Marketplace policies.

  • To Communicate with You: To send important notices regarding the app, such as updates or critical security information (though most communication will be via Atlassian Marketplace channels).

Data Storage, Security, and Egress

  • "Runs on Atlassian" Model: Our application is built on Atlassian Forge and operates entirely within Atlassian's secure cloud infrastructure. All application code, data processing, and storage of app-specific configuration and logs occur within this environment.

  • No Data Egress of Jira Issue Content: The Issue Merger for JSM does not transfer your Jira issue content (fields, comments, attachments) outside of the Atlassian environment. This is a core security benefit of the Forge platform.

  • Security Measures: We rely on the robust security measures provided by the Atlassian Forge platform, which include:

  • Code execution in a sandboxed environment.

  • Authentication and authorization managed via Atlassian user accounts and permissions.

  • Secure storage for app configuration and logs managed by Atlassian.

  • Compliance with Atlassian's data handling and security standards.

Data Retention

  • Jira Issue Data: We do not retain your Jira issue data. The app processes it transiently during a merge operation. The data remains in your Jira instance as per your Jira instance's retention policies.

  • Configuration Data: We retain app configuration data as long as the app is installed in your Jira instance or as necessary to provide the Services.

  • Log Data: Diagnostic and usage logs are retained for a period necessary for troubleshooting, monitoring, and improving the Services (e.g., typically for a limited number of days or weeks as configured within Atlassian's logging services, unless a longer period is required for investigating a specific issue). We aim to delete or anonymize logs when they are no longer needed.

Sharing Your Information

Given our "Runs on Atlassian" model, your Jira issue data is not shared by our app with external third parties. App configuration and logs are also contained within Atlassian's infrastructure.

We do not sell your personal information.

Access to data by IO Technology personnel is strictly limited to what is necessary for troubleshooting, support, and service improvement, and such access occurs within the operational context of the Forge platform (e.g., viewing application logs provided by Atlassian).

In exceptional circumstances, information might be accessed if required by law or valid legal process, and such access would be managed in accordance with legal requirements and Atlassian's policies.

Your Rights and Choices

As the data processed by our app primarily resides within your Jira instance, your rights regarding that data (access, correction, deletion) are principally managed through your Jira instance and your Atlassian account.

  • Accessing and Correcting Your Jira Data: You can access and modify your Jira issue data directly within your Jira instance.

  • App Configuration: You can typically manage app configuration (like authorized groups) via the app's configuration page within Jira.

  • Log Data: While direct access to raw app logs by end-users is generally not provided (for security and operational reasons), you can contact us if you have specific concerns about data that might be in our logs.

  • Uninstalling the App: If you uninstall the app, it will no longer be able to access your Jira data. App-specific configuration stored by Forge may be removed according to Atlassian's data lifecycle for uninstalled apps.

For any requests or questions regarding your information in relation to our app, please contact us at privacy@io.technology.

International Data Transfers

All data processing by our application occurs within the Atlassian cloud infrastructure, in the region(s) where your Jira instance data is hosted. Our application itself does not initiate cross-border transfers of your Jira issue data. For details on Atlassian's data residency and transfer policies, please consult Atlassian's documentation and your agreement with Atlassian.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you, for example, by updating the "Last Updated" date at the top of this policy and potentially through an announcement on our Atlassian Marketplace listing or within the app itself. We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the revised Privacy Policy.

Data Protection Officer / Contact Information

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact our Data Protection Officer at:

IO Technology, LLC

Email: privacy@io.technology

Specific Atlassian Marketplace Requirements

  • Data Collected:

  • User Content: Jira issue data (summaries, descriptions, comments, custom fields, attachment metadata) as selected by the user for the purpose of merging issues. Attachment content is processed during copy operations but not stored by the app.

  • User Identifiers: Atlassian Account IDs of users interacting with the app (provided by Forge).

  • Configuration Data: App settings such as authorized groups and logging preferences.

  • Diagnostics: Application logs, error reports, and aggregated, anonymized usage metrics for service improvement and troubleshooting.

  • Data Storage: All data processed and stored by the app (configuration, logs) resides within the Atlassian Forge platform's secure storage. Jira issue content remains within your Jira instance.

  • Data Usage: Data is used solely to provide the issue merging functionality, maintain and improve the app, provide support, and for security and operational monitoring. We do not use your Jira issue content for any purpose other than performing the merge as you direct.

  • Security: The app relies on the security model of the Atlassian Forge platform ("Runs on Atlassian"), ensuring data remains within Atlassian's infrastructure, benefits from Atlassian's security controls, and does not egress to third-party systems managed by IO Technology. Authentication is handled via Atlassian accounts.