This document describes how the Issue Links Viewer (“the App”) collects, processes, stores, and protects customer data. The App integrates with Jira Cloud and is built mostly using the Atlassian Forge platform. The App operates within Atlassian-hosted infrastructure and does not maintain independent backend services unless explicitly stated.

Users can see and change how issues are related in Jira using the app, which lets them view issue links, change issue relationships, and change user preferences.

Each piece of data is stored on the Atlassian infrastructure. Currently, the global graph is the sole exception; however, it does not store any data.

The App only uses user data to perform its functions. The data processing is restricted to user-initiated actions and is conducted within the permissions granted by the customer's Jira environment.

The app does not sell customer information, use it for advertising, make profiles, or track users' movements.

The App can get to and use the following issue-related data:

• Issue identifiers (e.g., issue keys)

• Issue metadata required for visualization

• Issue relationships and links

• Issue link updates created by user actions

• Information necessary to render issue link graphs

This data is only accessed when it is necessary to provide the App with functionality.

A limited amount of user data related to Jira issues may be accessed by the app, including:

• User account identifiers

• Display names

• User references associated with issues

Unrelated personal information, passwords, or authentication credentials are not collected by the application.

When users change the relationships between issues, the app does the following:

• Creation of issue links

• Editing of issue links

• Deletion of issue links

All changes only take place in response to specific user actions.

For the app to work, it may store configuration and operational data, such as:

• User interface preferences

• Visualization settings

• Application configuration data

No personal data that is not pertinent to the context is retained.

Data is processed exclusively to:

• Render issue relationship visualizations

• Enable management of issue links

• Display issue information within Jira

• Maintain user preferences and configuration

• Support application functionality and performance

Data is only processed based on what the customer tells the system through user interaction.

The app works on cloud infrastructure hosted by Atlassian and made available by the Forge platform. Execution, storage, and processing of applications all happen in environments managed by Atlassian.

Unless otherwise indicated, the application does not run separate databases or third-party hosting services.

Customer data is stored within the Atlassian Cloud infrastructure in accordance with Atlassian's data residency and security controls.

Data stored by the App is retained only as long as necessary to provide functionality. Application data that has been stored is deleted during the uninstallation process, contingent upon the operational requirements and platform behavior.

Customer information is only shared with third-party services when it's necessary for the App to work within Atlassian's infrastructure.

• No external analytics providers are used unless explicitly stated.

• No advertising networks or tracking services are used.

• External resources are limited to Atlassian domains required for application functionality.

Only the bare minimum of permissions are needed for the App to operate. Access to issue data, user references, and the capacity to change issue links in response to user actions are a few examples of permissions.

All operations are carried out within the context of authenticated users and adhere to Jira's permission model.

The App relies on the security features that Atlassian Cloud infrastructure offers, such as:

• Isolated execution environments

• Tenant data isolation

• Platform-managed access control

• Infrastructure-level monitoring and protection

Atlassian-managed secure protocols encrypt all communication between the App and Jira services.

The App does things only for authenticated users and doesn't get around Jira's permission systems.

According to the principle of least privilege, the App only accesses the data it needs to do its job.

The app may keep operational logs to help with reliability and troubleshooting. Such logs are restricted to technical information that is essential for the operation of the service and do not intentionally contain sensitive personal data.

Customers maintain full control over their data within Jira. Users are permitted to:

• Control actions that modify issue data

• Uninstall the App at any time

Data that has been stored is kept only for operational reasons. The records will be erased following the removal of the App, following the procedure specified by Atlassian in the Forge data storage guidelines.

Security incidents or vulnerabilities are addressed through established response protocols. Reported issues are promptly investigated and resolved in accordance with their severity.

You can report security issues through the vendor's designated support channel.

Improvements in security practices, functionality, or regulatory requirements may necessitate periodic revisions to this policy. Updated versions will be made available to clients.

Customers may submit inquiries regarding data security, privacy practices, or data handling procedures to the vendor via the official support channel.

Contact: https://psc-software.atlassian.net/servicedesk/customer/portal/8