This Privacy Policy explains how Access Governance for Jira (the “app”) handles data. The app is built on Atlassian Forge, distributed through the Atlassian Marketplace, and is designed so that your data never leaves the Atlassian platform.
For data processed through the app, you (the customer organization) are the data controller and we act as a data processor on your behalf. Our processing is also governed by our Data Processing Addendum.
To provide its features, the app reads — on a strictly read-only basis — your Jira access and permission configuration, which may include:
Derived and cached data is stored only in Atlassian-hosted Forge storage, within Atlassian’s environment. The app declares no external network permissions, so no data is transmitted to us or any third party outside the Atlassian platform.
The app runs inside Atlassian’s products and relies on Atlassian’s platform cookies for session and security. We do not set our own tracking or advertising cookies.
Customer data is held only in Atlassian-hosted Forge storage and is deleted when the app is uninstalled, in accordance with Atlassian’s Forge platform data lifecycle.
We use Atlassian as the platform and hosting provider; we use no other subprocessors for customer personal data. See our Subprocessors page.
Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA), you may have rights to access, correct, or delete personal data. Because we process data on behalf of your organization, please direct such requests to your Jira administrator (the controller); we will assist them as described in our DPA. You may also contact us at privacy@citizenkade.com.
We act as a “service provider” and process personal information only to provide the app on your organization’s behalf. We do not sell or share personal information, and we do not use it for cross-context behavioral advertising or for any purpose other than providing the service.
We act as a processor on the documented instructions of your organization (the controller), whose lawful basis governs the processing. We retain personal data only for the period described above and delete it on uninstall. You have the right to lodge a complaint with your local supervisory authority. Cross-border transfer terms, where applicable, are addressed in our DPA.
The app is a business administration tool and is not directed to children.
We may update this Policy to reflect changes to the app or applicable law. Material changes will be reflected by an updated version number and date above.