Sprint Reports & Stakeholder Updates for Jira Privacy Policy
Last updated: March 24, 2026
Introduction
This Privacy Policy describes how Sprint Reports & Stakeholder Updates for Jira ("we", "our", "the App") handles information when you use our application on Atlassian Jira and Confluence. We are committed to protecting your privacy and being transparent about our data practices.
| Publisher | Maciej Jezierski |
| Address | ul. Krotka 1a / 18, 55-010 Radwanice, Poland |
| VAT ID | PL8961441465 |
Data We Access
Sprint Reports & Stakeholder Updates for Jira operates as an Atlassian Forge app within your Jira and Confluence instance. The only data we access is:
- Jira project context — project ID, board ID, sprint ID, and user account ID provided by the Atlassian Forge platform to determine which content to display.
- Jira sprint and version data — sprint issues, story points, statuses, assignees, epics, priorities, labels, and custom fields within the selected sprint or version. This data is read through the Jira REST API to generate reports.
- Confluence spaces and pages — space keys and page creation for publishing generated reports. Reports are published through the Confluence REST API.
- Forge SQL — generated reports, report metadata, archive entries, and configuration stored in Atlassian Forge's built-in SQL database, scoped to your Jira site.
- Forge storage — admin settings, organization API keys (encrypted in Forge secret storage), and project-level configuration stored in Atlassian Forge's key-value storage, scoped to your Jira site.
AI Processing
The App uses AI to generate reports from your sprint and version data:
- Built-in AI — when using the built-in provider, sprint data is sent to Google Gemini's API for report generation. No data is retained by the AI provider after processing.
- Bring Your Own Key (BYOK) — when your site administrator configures an organization API key, data is sent to the chosen provider. The API key is stored encrypted in Forge secret storage. Data retention is governed by the provider's terms (see links below).
The following Jira data is sent to the AI provider for report generation:
- Issue keys, summaries, statuses, story points, and issue types
- Assignee display names (included in team reports and workload breakdowns)
- Epic names, component names, priority values, and labels
- Linked issue details (key, summary, status) for blocked or dependent items
- Comment text (truncated to 300 characters) for flagged or blocked issues, including comment author names
- Sprint goals, resolution values, and scope change metadata
- Custom Jira field values, if configured by the project or site administrator
No credentials, API tokens, or data from unrelated projects is transmitted. The data sent is limited to the selected sprint or version scope.
AI Provider Privacy Policies
When using the built-in provider or BYOK, your sprint data is processed by one of the following third-party AI providers. Each provider's handling of API data is governed by their own privacy policy and terms of service:
| Google Gemini (built-in default) | Gemini API Terms · Privacy Policy |
| Anthropic (Claude) | Privacy Policy · Terms of Service |
| OpenAI (GPT) | Privacy Policy · Business Terms |
| DeepSeek | Privacy Policy · Terms of Use |
| Mistral | Privacy Policy · Terms of Service |
| Alibaba Cloud (Qwen) | Privacy Policy · Terms of Service |
| xAI (Grok) | Privacy Policy · Terms of Service |
| Together AI (Llama) | Privacy Policy · Terms of Service |
| Hugging Face | Privacy Policy · Terms of Service |
We encourage you to review your chosen provider's policies before configuring BYOK. When using the built-in provider, Google Gemini's API terms apply — Google does not use API data to train models (see Gemini API Additional Terms of Service).
Data We Do Not Collect
We do not collect, store, or process:
- Personally identifiable information (PII) beyond Jira account IDs and display names required for report generation
- Data from projects not actively viewed in the App
- Analytics, telemetry, or usage tracking data
- Cookies or browser fingerprinting data
Data Storage
All data is stored within Atlassian's infrastructure:
- Sprint and version data is read from Jira and never copied to external systems beyond the AI processing described above.
- App data (generated reports, archive, settings) is stored in Atlassian Forge SQL and Forge storage, scoped to your Jira site.
- We do not operate external databases, servers, or storage systems. The App runs entirely on the Atlassian Forge platform.
Data Controller & Processor
Your organization (the Jira site owner) is the data controller for personal data processed through the App. Maciej Jezierski (be4.software) is a data processor acting on behalf of the data controller. Atlassian acts as a sub-processor — the App processes personal data within the Atlassian Forge runtime, and all data storage is provided by Atlassian's infrastructure. Atlassian's own data processing terms apply to their role as sub-processor (see Atlassian DPA).
Third-Party Sharing
We do not share, sell, rent, or transfer your data to any third parties beyond the AI providers described above. No analytics services, advertising networks, or data brokers receive any information from the App.
Data Retention and Deletion
Generated reports (including assignee names, issue details, and AI-generated narrative) are stored in Forge SQL for a configurable retention period (default: 12 months, configurable from 3 to 24 months). A daily scheduled task automatically deletes reports older than the configured retention period.
When you uninstall the App:
- Forge SQL data (generated reports, archive, settings) is scheduled for deletion by Atlassian upon uninstallation. Atlassian's data retention and purge policies govern the actual deletion timeline.
- Published Confluence pages remain in your Confluence instance — they are standard Confluence content owned by your organization.
- No Jira data is modified or deleted by the App — your issues, sprints, and versions remain unchanged.
Data Security
We rely on Atlassian Forge's security infrastructure for all data protection:
- The App runs in Atlassian's sandboxed Forge environment with scoped permissions.
- All API communication uses HTTPS encryption.
- BYOK API keys are stored in Forge's encrypted secret storage, never in plaintext or application logs.
- The App does not store or log API tokens, user credentials, or sensitive data.
Children's Privacy
Sprint Reports & Stakeholder Updates for Jira is a business tool intended for use by organizations on the Atlassian Jira platform. We do not knowingly collect information from children under the age of digital consent in their jurisdiction (16 under GDPR, 13 under US COPPA).
Cookies
The App does not use cookies, local storage tokens, or any form of browser-side tracking. No cookie consent banner is required because no cookies are set.
Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via the Atlassian Marketplace listing or email to your Jira site administrator. For non-material changes, updates will be posted on this page with an updated revision date. Continued use of the App after the notice period constitutes acceptance of the revised policy.
Contact
For questions about this Privacy Policy or our data practices, please contact:
| Name | Maciej Jezierski |
| Address | ul. Krotka 1a / 18, 55-010 Radwanice, Poland |
| VAT ID | PL8961441465 |
| contact@be4.software |