1. Data Controller

LND Tech ("we", "us", "our") operates Guardrails Checker for Jira. For privacy inquiries, contact us at support@lndtech.eu.

2. What Data the App Accesses

Guardrails Checker for Jira is a read-only Forge app. It accesses the following data from your Jira Cloud instance via Jira REST APIs:

Configuration and Metadata

• Field definitions (count, names, types)
• Project list and metadata
• Issue types
• Workflow schemes and workflow names
• Workflow status counts
• Components and versions
• Priorities

Context

When you open the App, the Forge platform provides context such as the site ID, project ID (for project pages), and user identity. This context is used to fetch the relevant Jira data for the audit report.

We do not access issue content, comments, attachments, or other user-generated content beyond what is needed to compute the metrics.

3. How We Use the Data

Data is used exclusively to:

• Compute guardrail metrics (counts, ratios) for the audit report
• Display visual gauges and percentile markers
• Provide "where to look" hints (e.g., sample field names, workflow names) when metrics exceed thresholds
• Cache scan results in Atlassian Forge storage to improve performance and reduce API calls

4. Where Data Is Processed

All processing occurs within Atlassian's Forge platform. The App runs on Forge infrastructure; Jira API calls are made from Forge; cached results are stored in Forge app storage. We do not transmit your Jira data to our own servers.

For information about Atlassian's data handling, see Atlassian's Privacy Policy.

5. Data Retention

Cached scan results are stored in Forge app storage. They are overwritten when new scans run (e.g., scheduled refresh or manual refresh). We do not retain copies of your data outside the Forge environment.

6. Data Sharing

We do not sell, rent, or share your data with third parties. Data is used only to provide the App's functionality.

7. Security

This section summarizes how we protect the App and your data in line with expectations for Atlassian Marketplace cloud apps and common cloud security practices. Security on Atlassian Cloud also depends on Atlassian’s platform controls; see Atlassian security practices (cloud) for how Atlassian secures its cloud products and infrastructure.

Authentication and access

The App runs on Atlassian Forge. End users sign in through Atlassian; we do not use Basic authentication against your Jira tenant for this public app, and we do not collect or store Atlassian user passwords or end-user API tokens. API access to Jira is performed through the installation’s authorized Forge app context, subject to Atlassian’s security model.

Least privilege

We request only the Jira and Forge permissions required for read-only auditing and caching:

• read:jira-work — read Jira configuration and metadata needed for guardrail metrics
• read:jira-user — limited user context where required by the platform or metrics
• storage:app — Forge app storage for cached scan results (as described in section 3)

Encryption and transport

Communications between Forge, Jira Cloud, and Atlassian services use TLS (TLS 1.2 or higher). Cached data resides in Atlassian Forge app storage, which is protected under Atlassian’s platform security model, not on LND Tech infrastructure.

Secure development and operations

• We treat untrusted input carefully to reduce injection and abuse risks.
• We do not embed secrets or credentials in source repositories; we rely on platform-supported mechanisms where applicable.
• We avoid logging personally identifiable information, credentials, tokens, or API keys.
• We run dependency vulnerability checks (for example, npm audit) before releases and address issues that affect the App.

Vulnerabilities and incidents

If you believe you have found a security issue in this App, contact support@lndtech.eu with details and steps to reproduce. We triage reports promptly and coordinate with Atlassian when required (for example, per Marketplace security requirements). More detail on our process appears in our security policy.

Shared responsibility

Protecting your Atlassian site also depends on your organization’s choices (user access, admin settings, SSO, and other Marketplace apps). Atlassian describes shared responsibilities for cloud customers in its trust and security documentation; we design this App to minimize data access and to stay within Forge and Jira’s intended security boundaries.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access — Request information about what data we process
• Rectification — Correct inaccurate information
• Erasure — Request deletion of your data
• Object — Object to certain processing
• Portability — Receive your data in a portable format

To exercise these rights, contact us at support@lndtech.eu. You may also uninstall the App from your Jira instance; cached data associated with your site will no longer be used.

9. Children's Privacy

Guardrails Checker for Jira is a business tool for Jira Cloud administrators. It is not directed at children. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last Updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.