Try Free

SealDoc for Jira Privacy Policy

Last updated: March 15, 2026

Introduction

This Privacy Policy describes how SealDoc for Jira ("we", "our", "the App") handles information when you use our application on Atlassian Jira and Confluence. We are committed to protecting your privacy and being transparent about our data practices.

PublisherMaciej Jezierski
Addressul. Krotka 1a / 18, 55-010 Radwanice, Poland
VAT IDPL8961441465

Data We Access

SealDoc for Jira operates as an Atlassian Forge app within your Jira and Confluence instance. The only data we access is:

  • Jira project context — project ID, issue ID, and user account ID provided by the Atlassian Forge platform to determine which content to display.
  • Jira issues — issue summaries, descriptions, statuses, priorities, attachments, and custom fields within the selected project. This data is read through the Jira REST API to compute content hashes for electronic signatures.
  • Confluence pages — page titles and body content for Confluence signing. This data is read through the Confluence REST API to compute content hashes.
  • Forge SQL — electronic signatures, audit log entries, document approval status, user signing PINs (hashed), and safety classifications stored in Atlassian Forge's built-in SQL database, scoped to your Jira site.
  • Forge storage — admin settings and configuration stored in Atlassian Forge's key-value storage, scoped to your Jira site.

Data We Do Not Collect

We do not collect, store, or process:

  • Personally identifiable information (PII) beyond Jira account IDs and display names required for audit trail entries
  • Authentication credentials or tokens (signing PINs are stored as PBKDF2-SHA512 hashes, never in plaintext)
  • Data from projects not actively viewed in the App
  • Analytics, telemetry, or usage tracking data
  • Cookies or browser fingerprinting data

Data Storage

All data is stored within Atlassian's infrastructure:

  • Issue and page data is read from Jira and Confluence and never copied to external systems. Content hashes are computed on the Forge runtime and stored as SHA-256 digests.
  • App data (signatures, audit log, approval status, signing PINs, settings) is stored in Atlassian Forge SQL and Forge storage, scoped to your Jira site.
  • We do not operate external databases, servers, or storage systems. SealDoc runs entirely on the Atlassian Forge platform.

Audit Log

SealDoc maintains a tamper-evident, hash-chained audit log within Forge SQL that records every signature, approval, rejection, revocation, and configuration change. This log is stored solely within Atlassian's infrastructure and is accessible only to users with appropriate permissions. Audit entries are append-only at the application layer and are not edited or deleted by SealDoc.

Right of Access (GDPR Art. 15)

Users can request a copy of their personal data stored in SealDoc. SealDoc provides a "My Data" function in the admin page that returns all signatures, audit trail entries, and signing PIN metadata associated with your Jira account ID. No other users' data is included in the export. You can also contact your Jira site administrator for assistance.

GDPR Erasure

SealDoc supports GDPR right-to-erasure requests. When a user's data must be erased, their display name is anonymized in audit trail entries and signature records while preserving the cryptographic integrity of the hash chain. The hash chain is not broken by erasure — only display data is replaced.

Note: certain fields are preserved because they are inputs to the hash chain computation. Removing them would break the tamper-evident integrity of the audit trail. These fields are:

  • Signer affirmation — the typed name used to affirm signing intent (hash chain input).
  • Jira account ID — a pseudonymous identifier used as the signer identity in the hash chain.
  • Revoked-by account ID — the account ID of the user who revoked a signature, if applicable (audit trail integrity).

For customers subject to 21 CFR Part 11 or EU Annex 11, these fields are retained under the GDPR Art. 17(3)(b) exemption (compliance with a legal obligation requiring processing by the applicable regulatory framework). For other customers, retention is justified under Art. 17(3)(e) (establishment, exercise or defence of legal claims). Display names are anonymized; pseudonymous identifiers and hash chain inputs are retained to preserve data integrity.

Data Controller & Processor

Your organization (the Jira site owner) is the data controller for personal data processed through SealDoc. Maciej Jezierski (be4.software) is a data processor acting on behalf of the data controller. Atlassian acts as a sub-processor — SealDoc processes personal data within the Atlassian Forge runtime, and all data storage is provided by Atlassian's infrastructure. Atlassian's own data processing terms apply to their role as sub-processor (see Atlassian DPA). A standard Data Processing Agreement (DPA) is available covering GDPR Article 28 requirements.

Third-Party Sharing

We do not share, sell, rent, or transfer your data to any third parties. No analytics services, advertising networks, or data brokers receive any information from SealDoc for Jira.

Data Retention and Deletion

When you uninstall SealDoc for Jira:

  • Forge SQL data (signatures, audit log, approval status, signing PINs, settings) is scheduled for deletion by Atlassian upon uninstallation. Atlassian's data retention and purge policies govern the actual deletion timeline.
  • No Jira or Confluence data is modified or deleted by the App — your issues, pages, and content remain unchanged.

Data Security

We rely on Atlassian Forge's security infrastructure for all data protection:

  • The App runs in Atlassian's sandboxed Forge environment with scoped permissions.
  • All API communication uses HTTPS encryption.
  • Signing PINs are hashed with PBKDF2-SHA512 (600,000 iterations) and never stored in plaintext.
  • The App does not store or log API tokens, user credentials, or sensitive data.

Children's Privacy

SealDoc for Jira is a business tool intended for use by organizations on the Atlassian Jira platform. We do not knowingly collect information from children under the age of digital consent in their jurisdiction (16 under GDPR, 13 under US COPPA).

Cookies

SealDoc does not use cookies, local storage tokens, or any form of browser-side tracking. No cookie consent banner is required because no cookies are set.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via the Atlassian Marketplace listing or email to your Jira site administrator. For non-material changes, updates will be posted on this page with an updated revision date. Continued use of the App after the notice period constitutes acceptance of the revised policy.

Contact

For questions about this Privacy Policy or our data practices, please contact:

NameMaciej Jezierski
Addressul. Krotka 1a / 18, 55-010 Radwanice, Poland
VAT IDPL8961441465
Emailcontact@be4.software