top of page

Privacy Policy

 

Data Quality Score for Jira by SysWisdom.AI LLC

 

Last Updated: March 9, 2026

 

1. Introduction

This Privacy Policy explains how the Data Quality Score for Jira App (referred to as "the App") handles your personal data and customer information. We are committed to earning your trust by being transparent about our data practices.

 

Our Core Principle: Stateless, Zero-Storage Architecture

The App does not store file data on our servers. We read files temporarily in-memory for real-time analysis and then immediately discard them. The only persistent data stored is the analysis results (quality scores and summaries), which are securely kept in your Jira instance using Atlassian Forge storage.

2. Data We Collect

Our App is designed with a stateless architecture, meaning we analyze files but do not permanently save or "persist" the file content on our servers.2.1 Temporary Data (Read-Only, Not Stored)

 

This data is processed in-memory for analysis and immediately deleted afterward:

  • File Contents: Data files you upload are read solely for real-time quality analysis and are not stored on our servers after the analysis is complete.

  • Analysis Parameters: File name, size, MIME type, Jira issue key, project key, and threshold setting (transmitted only during the analysis request).

2.2 Persistent Data (Stored Only in Your Jira Instance)

This data is stored securely in your Jira instance via Atlassian Forge:

  • Analysis Results: Summary scores and quality findings are stored in Atlassian Forge storage (not on our external servers) and are accessible only by your Jira instance.

  • Configuration Data: API credentials and analysis preferences are stored in Forge's encrypted secure storage.

2.3 Technical & Operational Data (Logs)

These logs are retained for a limited time for maintenance and security:

  • Request Logs: Temporary logs including request ID, timestamp, analysis duration, and status (retained for 90 days for debugging).

  • Error Logs: Failure information is logged only when an analysis encounters an issue (retained for 90 days).

  • No personal data retention: We do not log or store user identity information.

2.4 Data We Do NOT Collect or Store

  • No file caching: Files are not archived, backed up, or retained after analysis.

  • No personal information: We do not intentionally collect or store names, emails, or other Personally Identifiable Information (PII).

  • No tracking: We do not use tracking pixels, cookies, or third-party analytics trackers.

  • No server-side storage: All file content processing is stateless and temporary ("ephemeral").

3. How We Use Data

3.1 Primary Uses

  • Real-Time Analysis: Files are read and analyzed in-memory to immediately generate and return quality scores.

  • Result Delivery: Analysis results are stored in Atlassian Forge and displayed within your Jira issue.

  • Automated Issue Creation: The App can automatically create bug tickets if a quality score falls below your configured threshold.

 

3.2 File Processing (Stateless)

  • Files are processed through a secure HTTPS POST request to our Google Cloud Run service.

  • The file is decoded (from base64), analyzed in-memory, and immediately discarded.

  • Only the analysis summary/score is returned to Jira.

  • We guarantee no persistent server-side storage of file contents.

 

3.3 Secondary Uses

  • Error Logs: Retained only for troubleshooting and ensuring service reliability.

  • Service Monitoring: Used to monitor the health and performance of the Cloud Run service.

  • Security: Used to detect and prevent unauthorized access using API key authentication.

 

3.4 Data NOT Shared

  • We do NOT sell or monetize your data.

  • We do NOT use your data for marketing or advertising (outside of in-App service notices).

  • We do NOT provide data to third parties for their independent purposes.

 

4. Data Retention and Deletion

4.1 Storage Duration

  • Analysis Results: Stored indefinitely in Atlassian Forge storage until you choose to delete them.

  • Usage Metrics: Retained for 12 months for performance analytics.

  • Error Logs: Retained for 90 days and then automatically deleted.

  • Backup/Archive: Data is not backed up beyond Atlassian Forge's standard durability features.

 

4.2 Deletion

  • You can delete individual analysis results directly within the App.

  • You may request complete data removal by submitting a Data Subject Access Request (DSAR).

  • Upon deletion, data is removed from active storage, and no archives are retained.

 

5. Data Subprocessors

We use the following services to operate the App:

Subprocessor
Services
Jurisdiction
Purpose
Atlassian Forge
Result storage & encryption
Your chosen region
Stores only analysis results, not raw files.
Google Cloud Run
Data Quality API service
US (primary)
Stateless analysis processing; files are not retained.
Atlassian Cloud
Jira, Forge Storage, Authentication
US, EU (configurable)
Hosts your Jira instance, stores analysis results.

Additional Processors:

  • Cloud Run Logging: Temporary request logs (90-day retention) for service monitoring.

  • DNS & CDN: Cloudflare (used only for DNS resolution; no content or traffic inspection).

We audit our subprocessors regularly and will notify customers of any significant changes.

 

6. How We Protect Your Data6.1 Encryption

  • In Transit: All data transmission (between your Jira instance and the Cloud Run API) uses secure HTTPS/TLS 1.2+ encryption. Files are transmitted in-memory and are not cached in transit.

  • At Rest: Analysis results stored in Forge storage are encrypted by Atlassian using AES-256.

  • API Keys: Stored securely in Forge, never logged in plain text, and transmitted only via HTTPS headers.

 

6.2 Security Practices

  • Access Controls: All analysis requests require a valid API key header.

  • Data Isolation: Your files are processed in isolated Cloud Run container instances. There is no cross-tenant file data access or mixing.

  • Stateless Processing: Each request is processed independently without session state or temporary caching.

  • Security Scanning: Source code undergoes peer review, dependency vulnerabilities are monitored, and critical security patches are deployed within 24 hours.

 

7. Security Incident Management7.2 Incident Response

  • Assessment: Security incidents are assessed within 2 hours of detection.

  • Notification: We will notify you of any security breach affecting your stored results within 72 hours (in compliance with GDPR Article 33).

  • File Processing: In the event of a breach, only temporary request logs may be exposed; persistent file data is not at risk as files are not stored.

 

8. Your Data Rights (GDPR, CCPA, and Other Regulations)

All data subjects have the following rights:

Right
Description
How to Exercise
Object
Opt-out of certain processing activities.
Contact our privacy team.
Restrict Processing
Limit how we use your data.
Submit a DSAR request with processing limits.
Data Portability
Export your data in a machine-readable format.
Submit a DSAR request for data export.
Erasure
Request deletion of your data ("right to be forgotten").
Submit a DSAR request with erasure instruction.
Rectification
Correct inaccurate data.
Contact support or update in your Jira instance.
Access
Request a copy of all personal data we hold about you.
Submit a DSAR request.

Submitting a Data Subject Access Request (DSAR)

  1. Contact: Email us at info@syswisdom.ai with the subject line "Data Subject Access Request."

  2. Provide: Your Jira instance ID, account email, and the specific rights you are exercising.

  3. Verification: We will verify your identity (proof of Jira admin access is required).

  4. Timeline: We will respond within 30 days (may extend to 60-90 days for complex requests).

 

9. Data Transfer Across Borders

  • Jira Instance: Hosted by Atlassian in your chosen region (US, EU, Australia, etc.).

  • Analysis Processing: Data Quality analysis is processed on Google Cloud Run (US region - us-central1).

  • Storage of Results: Analysis results are stored in Atlassian Forge (the region follows your Jira instance).

  • Important: Raw file contents are not stored anywhere; they are transmitted temporarily and immediately discarded.

 

For EU customers, transfers of analysis results and temporary logs that may go to US data centers are protected by Standard Contractual Clauses (SCCs) implemented by Atlassian.

 

10. Contact Us

For privacy inquiries, data subject requests, or security concerns:

  • Data Protection Officer / Privacy Contact: Aaron McCormack

  • Email: info@syswisdom.ai

  • Phone: +1 (470) 841-4506

  • Mailing Address:
    Data Quality Jira App Privacy Team
    SysWisdom.AI
    428 Lakepoint Trce
    Canton, GA 30114
    United States of America

  • Response Time: We aim to respond to inquiries within 5 business days.

 

Appendix: Data Processing Summary

Key Processing Flow:

  1. User uploads file in Jira.

  2. File is sent via secure HTTPS POST to Google Cloud Run (US region).

  3. Cloud Run performs quality analysis in-memory.

  4. File is IMMEDIATELY DISCARDED from memory (not stored).

  5. Analysis results/score are returned via HTTPS to Jira.

  6. Results are stored in encrypted Atlassian Forge Storage (follows your Jira region).

Retention Timeline:

  • File Contents: NOT STORED (processed and discarded in-memory).

  • Analysis Results: Stored indefinitely in Forge until you delete them.

  • Request Logs: Retained 90 days in Cloud Run logs.

bottom of page