Privacy Policy

Effective date: June 16, 2026

This Privacy Policy explains how information is collected, used, shared, and protected when you use Assets Quality Guard for JSM Assets, an Atlassian Forge app for Jira Service Management Assets.

1. Information we collect

We may collect the following categories of information:

• Atlassian installation, site, license, and user-context information made available to the app by Atlassian
• Jira Service Management Assets workspace, schema, object type, attribute, object key, object label, timestamp, and relationship metadata needed to discover Assets data and run quality checks
• app configuration data, including quality policies, workflow impact areas, scan settings, ignored or resolved finding status, and CSV export filters
• scan job, work item, finding, evidence summary, remediation, and quality snapshot records generated by the app
• operational data such as logs, error summaries, diagnostic information, and support communications

2. How we use information

We may use information to:

• provide, operate, secure, and maintain Assets Quality Guard for JSM Assets
• authenticate and authorize access through Atlassian and Jira administration permissions
• discover Assets workspaces, schemas, object types, and attributes
• save and apply quality policies configured by administrators
• run manual and scheduled scans, calculate quality scores, and generate findings
• show findings, scan history, workflow impact context, remediation guidance, and CSV exports
• monitor performance, troubleshoot issues, and improve reliability
• respond to support requests and communicate about the service
• comply with legal obligations and enforce our terms

3. Customer data and role of the parties

When you use Assets Quality Guard for JSM Assets through an Atlassian site, the organization that administers that site is generally responsible for the Assets data made available to the app. The app processes that data to provide the service in accordance with customer instructions, administrator configuration, and applicable agreements.

The app is read-only with respect to Jira Service Management Assets records in the MVP. It identifies quality issues and provides remediation guidance, but it does not create, update, or delete customer Assets objects.

4. How we share information

We may share information:

• with Atlassian, where Atlassian provides the Forge platform, Jira Service Management, Assets APIs, app installation, app execution, app storage, authentication, licensing, and administration experiences
• with service providers that help us provide support or manage ordinary business communications, but not by sending Forge app data to non-Atlassian services
• when required by law, legal process, or a valid governmental request
• to protect the rights, safety, security, or integrity of Assets Quality Guard for JSM Assets, our users, Atlassian sites, or others
• in connection with a merger, acquisition, financing, or sale of assets

We do not sell personal information.

The Forge app is designed to run on Atlassian-hosted compute and persistent Forge storage. It does not send app data to non-Atlassian services, and the current app manifest does not declare external egress for app data.

We do not use third-party advertising platforms or ad trackers in the Forge app.

5. Data retention

We retain information for as long as reasonably necessary to provide the service, maintain scan history and findings, comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business records.

Administrators can stop using the app or uninstall it through Atlassian administration controls. Atlassian’s Forge platform controls the lifecycle of persistent Forge storage after uninstall according to Atlassian’s platform behavior.

6. Security

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. The app relies on Atlassian Forge hosting, storage, authentication, and permission controls for core app execution. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. International transfers

Your information may be processed in countries other than the country where you are located. The app uses persistent Forge storage, and Atlassian’s data residency features may apply where supported for the host Atlassian product and app installation. Where required, appropriate safeguards are used for cross-border transfers of personal data.

8. Your choices and rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, or to receive a copy of it in a portable format.

If you use Assets Quality Guard for JSM Assets through an organization, you may need to contact that organization first regarding your data and related requests. Administrators can also manage app access and uninstall the app through Atlassian administration controls.

9. Third-party services

Assets Quality Guard for JSM Assets depends on Atlassian services, including Jira Service Management, Assets, Atlassian Forge, Atlassian account, and Atlassian Marketplace services. Atlassian’s collection and handling of information through those services are governed by Atlassian’s own terms and privacy policies, not this Privacy Policy.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make a material change, we may provide notice through the service, the website, or another reasonable method. The updated version becomes effective on the date stated at the top of the policy.

11. Contact

If you have questions about this Privacy Policy, use the support or contact channel made available with Assets Quality Guard for JSM Assets.