Privacy Policy

1. Overview

ArdSaor is the service provider and Marketplace Partner responsible for our apps and the ardsaor.com website (together, the Services). We act as data controller for Site interactions and a data processor when storing or processing Atlassian data on behalf of a customer account. This Policy covers Forge-hosted apps installed in Jira Cloud and any related support channels.

2. Service provider & architecture

Our Atlassian Cloud apps use Atlassian Forge for app runtime, storage, and invocation pipelines. Baseline app operation keeps app state in Atlassian-managed infrastructure unless you explicitly export data or request support assistance that requires a copy to leave the environment.

AI Clearance can also run in connected mode when an administrator intentionally configures it. In connected mode, AI Clearance sends Forge Remote requests to ArdSaor Core for connector testing, tenant binding, identity matching, and configured-group add, remove, or check actions. Those requests may include cloud ID, connector metadata, grant metadata, subject identifiers, external identity values, configured group metadata, and limited operational context. Connector credentials are stored through Forge secret storage and are used only for the configured Okta or Microsoft Entra group connector.

TaskPort uses Forge app runtime and documented ArdSaor Core egress for Notion authorization, encrypted Notion token storage, and Notion content resolution. TaskPort reads the selected Notion pages or database rows needed to create approved Jira issues. It does not run a two-way sync or write Jira keys back into Notion.

3. Atlassian Cloud data we access

Depending on the app and features you enable, the Services may read or write the following Atlassian data categories:

• Issue fields and custom field values
• Issue changelog entries and workflow history
• Issue comments and worklog summaries
• Project, service project, portal, board, sprint, and Confluence space metadata
• User display names, account IDs, and avatars made available through Jira APIs
• Governance configuration, request metadata, approval decisions, access grants, recertification state, and audit events
• Connector configuration references and external identity mappings when connected provisioning is configured

We request only the OAuth scopes required to deliver the selected features and never intentionally collect data unrelated to those use cases.

4. How we use Atlassian data

Access to Atlassian content is automated and scoped to the installation. Data is processed to power app features such as AI access intake, approvals, grants, provisioning follow-up, access reviews, evidence exports, metrics, decision logs, and configuration insights. We do not sell or share Atlassian data, nor do we use it to market other products. Only personnel with a legitimate operational need, for example supporting an admin ticket, can view customer data, and access is logged.

5. Storage, security, and access controls

Forge storage is used for app settings, catalog entries, access requests, grants, calculated metrics, decision log entries, TaskPort templates, filter presets, run history, audit records, and duplicate-tracking metadata. Forge secret storage is used for connector credentials, external identity secret values, and audit-chain secret material. ArdSaor Core stores encrypted Notion tokens and short-lived Notion resolution cache rows for TaskPort; page bodies are not persisted to the shared Core cache. Atlassian encrypts Forge data at rest and in transit. The AI Clearance runtime path calls ArdSaor Core through Forge Remote, and Core validates the Forge Invocation Token before resolving tenant authorization. HMAC signing is retained for TaskPort, non-FIT Core clients, and direct operational smoke scripts. We layer Atlassian’s platform protections with least-privilege internal access, enforced MFA, code reviews, dependency scanning, and redaction controls for operational logs.

6. Telemetry and support logs

Operational telemetry captured by Atlassian may include timestamps, component identifiers, and anonymised request IDs. When you open a support ticket, we may request logs that contain Jira issue keys or user display names. Logs reviewed outside Atlassian’s cloud are retained for up to 30 days, redacted to remove unnecessary identifiers, and then securely deleted unless law requires longer retention.

7. Retention and deletion

Forge storage retains app data while the installation remains active. Uninstalling the app revokes app access and stops new app processing, but we do not currently claim an automatic Forge-storage purge within a fixed number of days. TaskPort uninstall triggers a Core tenant purge for encrypted Notion tokens and short-lived cache rows. Administrators may request deletion or verification through the privacy or support channel, and residual platform records are handled through Atlassian Forge platform behavior and our deletion process. Support correspondence and diagnostic data are kept only as long as necessary to close the request or as required for legal defense.

8. Choices for admins and users

Site visitors and app users may request access, correction, deletion, restriction, or portability of personal data where applicable law grants those rights. Jira administrators can revoke Forge app access at any time through Atlassian’s admin console, which immediately prevents further data processing. Requests can be sent to our privacy inbox, and we respond within 30 days (or faster where law requires).

9. Atlassian consent & scopes

Only Jira Cloud administrators can install the app. During installation we disclose the scopes requested and rely on the admin’s consent to access data within those scopes. Our practices comply with the Atlassian Marketplace Partner Agreement, including privacy, security, and audit obligations.

10. Sharing & subprocessors

Baseline Forge app runtime is hosted by Atlassian. When AI Clearance connected mode is configured, ArdSaor Core processes the minimum payload needed to execute configured-group membership actions, and the configured identity provider, currently Okta or Microsoft Entra, processes the corresponding group membership operation. For TaskPort, ArdSaor Core processes Notion OAuth/token operations and selected Notion content resolution needed to create approved Jira issues. Email, ticketing, and productivity tools, currently Microsoft 365 and Linear, may store your contact details when you interact with our support team. Each provider is bound by appropriate data-processing and security commitments.

11. Incident response

We maintain an incident response process with escalation procedures. If we confirm unauthorised access to Atlassian data, we will notify affected customers and Atlassian within 72 hours, provide remediation steps, and keep you informed until closure.

12. International transfers

When Atlassian stores data in different regions, transfers occur under Atlassian’s regional arrangements and standard contractual clauses. Connected-mode AI Clearance requests and TaskPort Notion connection/content-resolution requests currently use ArdSaor Core infrastructure hosted in AWS US West 2 unless we publish a different deployment. Other support or operational data handled outside Atlassian is processed under appropriate contractual and technical safeguards.

13. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect information from children.

14. Changes

We update this Policy when we release new functionality or change data practices. The effective date reflects the latest revision. Material updates will be communicated through in-product notices, admin email, or our Trust page before they take effect.

15. Contact

Contact ArdSaor at our privacy inbox. We will coordinate with your organisation to resolve any privacy questions.