ArdSaor

AI Clearance Privacy Policy

AI Clearance processes Atlassian and administrator-provided data to govern AI tool access requests, approvals, grants, recertification, connector-backed provisioning, and audit evidence.

1. Scope

This Privacy Policy applies to AI Clearance, the ArdSaor app for Jira and Jira Service Management. It covers AI Clearance request intake, approval routing, catalog governance, access grants, recertification, audit logs, reporting, and optional Okta or Microsoft Entra connector-backed provisioning.

This page supplements the broader ArdSaor Privacy Policy. The broader policy covers website, support, and portfolio-wide privacy practices that are not specific to AI Clearance.

2. Data AI Clearance processes

Depending on how a customer configures AI Clearance, the app may process the following categories of data:

  • Jira site, installation, project, request type, issue, request, approval, grant, and audit identifiers.
  • Atlassian account IDs, display names, and actor identifiers for requesters, approvers, administrators, and audit actors.
  • AI tool request details, including selected tool, requested new tool name or URL, requested duration, purpose, approval decision, policy match, lifecycle state, and timestamps.
  • Catalog and governance configuration, including tool names, risk levels, duration limits, approval rules, policy versions, connector association, and entitlement-group metadata.
  • Provisioning job state, retry state, provider result metadata, and reconciliation metadata needed to show whether a connector-backed action succeeded or needs follow-up.
  • Admin-managed external identity mappings used to match an Atlassian user to an Okta or Microsoft Entra user for connector-backed provisioning.

3. How the data is used

  • To capture and evaluate AI tool access requests.
  • To route requests through configured approval, security review, and administrator review rules.
  • To create, update, expire, revoke, recertify, and report on AI Clearance access grants.
  • To maintain governance logs and audit evidence for customer administrators.
  • To run connector-backed provisioning, deprovisioning, and access checks when a customer enables Okta or Microsoft Entra connectors.
  • To provide operational support, troubleshoot app behavior, and respond to security or privacy requests.

AI Clearance does not sell customer data, does not use customer Atlassian data to advertise unrelated products, and does not use Jira email as an automatic fallback when privacy settings make email unavailable.

4. Connector-backed privacy details

Connector-backed provisioning is optional. When enabled, AI Clearance uses backend egress from Forge functions to ArdSaor Core so ArdSaor Core can call the customer’s configured Okta or Microsoft Entra tenant for group membership actions.

  • The external identity mapping is managed by administrators and is often a provider login, email, username, UPN, or other identity-provider value.
  • Provider credentials and connector secrets are not exposed to browser code.
  • AI Clearance uses the provider identity and entitlement group only for the configured connector action.
  • AI Clearance does not automatically assign Okta or Entra apps, roles, licenses, or resources to groups.
  • AI Clearance does not provision generic AI-vendor accounts unless the customer’s configured provider group controls that entitlement.

5. Storage and retention

  • AI Clearance stores app records in Forge storage, including requests, grants, jobs, audit events, governed assets, policies, connector metadata, and rollups.
  • Connector credentials and sensitive identity values use Forge secret storage or approved backend secret storage.
  • Detailed operational records are periodically swept according to the app’s retention rules; detailed records default to 90 days where detail-retention cleanup applies.
  • Audit retention defaults to 365 days unless configured differently for the environment, with a minimum of 30 days and maximum of 3650 days.
  • External identity retention follows audit retention unless a separate external-identity retention value is configured.
  • Insight rollups are retained for trend reporting and default to 24 months.

6. Sharing and subprocessors

For connectorless operation, AI Clearance runtime data is processed within Atlassian Forge. For connector-backed operation, Forge functions send the data needed for the configured action to ArdSaor Core, and ArdSaor Core calls the customer’s configured Okta or Microsoft Entra tenant. Support interactions may also involve ArdSaor support systems described in the broader ArdSaor Privacy Policy.

7. Customer and administrator controls

  • Customer administrators control whether AI Clearance is installed, which Jira Service Management intake is used, which tools are requestable, and which policies apply.
  • Customer administrators control connector configuration, identity mappings, and connected tool group setup.
  • Customer administrators can disable connectors to stop new automated provider actions.
  • Customer administrators can request deletion or correction through ArdSaor privacy contact channels, subject to customer instructions and legal retention obligations.

8. Contact

For AI Clearance privacy questions, contact ArdSaor through the privacy contact process in the ArdSaor Privacy Policy. Include the app name, affected Jira site, and relevant request or issue context. Do not send connector secrets or provider credentials by email.

9. Related policies