Effective date: 29th day of October, 2024
Purpose
Delivery Flow for Jira (the “App“) is owned and operated by Delivery Flow (“We”, the “Company”). Delivery Flow is committed to protecting and respecting your privacy. The purpose of this privacy policy (this “Privacy Policy“) is to tell You (“you”, “your” or “end-user”) how we use and protect your personal information or data (“Personal Data”).
This Privacy Policy applies in addition to the terms and conditions of the App.
GDPR
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.
We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.
Consent
By using our App users agree that they consent to:
1. The conditions set out in this Privacy Policy.
When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.
Legal Basis for Processing
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.
We rely on the following legal basis to collect and process the personal data of users in the EU:
1. Users have provided their consent to the processing of their data for one or more specific purposes.
What Data Do We Collect
End User Data
Data collected by the App will only be used for the purposes specified in this Privacy Policy. Delivery Flow supports operation of its product by utilising Atlassian’s hosted storage. This means that all Data stored by Delivery Flow is stored in the your Atlassian Cloud environment. No data is ever extracted from your environment.
We categorise stored End User Data into three types of data within your Atlassian Cloud environment:
- Product level settings
- User level settings
- Calculation data
User level settings include a cryptographically hashed version of the users Atlassian accountID to identify the owner of the settings. Calculation data is generated and stored during query processing but is subsequently removed—essentially, it is temporary.
Logging Data
All logs generated by Delivery Flow reside in the customers Jira Cloud environment. By default, these are shared with the developer via Atlassian’s developer console. Delivery Flow relies on logs for two critical reasons:
- Debugging—to identify and fix issues in code.
- Monitoring—to track system behaviour, performance, and potential errors.
Our logs contain code flow information and calculation results only. No Personally identifiable information is gathered.
Who We Share Data With
Employees
We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.
Other Disclosures
We will not sell or share your data with other third parties, except in the following cases:
- If the law requires it;
- If it is required for any legal proceeding;
- To prove or protect our legal rights; and
- To buyers or potential buyers of this company in the event that we seek to sell the company.
How Long We Store Data
Logs are retained for 30 days. Storage data as defined in What Data Do We Collect above is held indefinitely as it is required for the App to function as needed by Administrators and End Users. If the App is uninstalled, stored data can remain in Atlassian’s hosted storage for a maximum of 14 days.
How We Protect Your Data
No data is extracted from your Jira Cloud instance. All processing and calculations occur within your Atlassian Cloud environment. In addition to this, no updates to your data occur. Delivery Flow has read only permissions. As Delivery Flow operates within Atlassian’s Forge infrastructure, all traffic is encrypted with TLS, configurations are constantly scanned for vulnerabilities and the system is proactively monitored for security or abuse events.
While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.
Analytics and Usage Data
Our app uses Google Analytics to collect general usage data that helps us understand how our product is being used, enabling us to improve features and better serve our customers. This data does not contain any information that could be used to identify individual users. Instead, it includes generic usage information that helps us identify usage trends and feature engagement, which provides insights into user interactions within the app. We are committed to protecting your privacy and use this aggregated, anonymous data solely to enhance the user experience.
Your Rights as a User
Under the GDPR, you have the following rights:
- Right to be informed;
- Right of access;
- Right to rectification;
- Right to erasure;
- Right to restrict processing;
- Right to data portability; and
- Right to object.
How to Access, Modify, Delete, or Challenge the Data Collected
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, please contact our privacy officer here:
How to Opt-Out of Log Data Collection
In addition to the method(s) described in the How to Access, Modify, Delete, or Challenge the Data Collected section, we provide the following specific opt-out method regarding the collection of Log data.
Logs are generated for support and debugging purposes. These logs contain App and code flow information data. No personal data is contained in these logs. The developer has access to these logs by default. This access can be denied by the user. You can opt-out by disabling log access to your site by the developer, which means your logs will no longer be available to the developer.
Details of how to do this can be found here:
Modifications
This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.
Complaints
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Data Protection Commission.
Contact Information
If you have any questions, concerns or complaints, you can contact our privacy officer at: