Data Security and Privacy Statement for Comments Pulse

Introduction

Comments Pulse is committed to protecting the privacy and security of customer data. This Data Security and Privacy Statement explains how Comments Pulse for Jira Cloud processes data, how that data is used, and the measures we take to protect it.

Data Collection and Usage

Types of Data Processed

Comments Pulse processes the following categories of data from Jira Cloud as needed to provide the App's functionality:

• Jira user information, such as account ID, display name, and account type

• Jira work item metadata, such as issue key, summary, issue type, status, and project information

• Jira comment data, including comment content, reply relationships, timestamps, authorship, and mentioned users

• App usage context required to render the App and perform user-initiated actions within Jira

Comments Pulse is designed to support comment browsing and collaboration workflows inside Jira work items. The App does not require customers to submit separate personal profiles or unrelated personal data to use its core features.

Purpose of Data Processing

This data is processed solely for the purpose of:

• Loading and displaying Jira work item comments inside the Comments Pulse interface

• Organizing comments in flat and threaded views

• Filtering comments by author, mentioned user, and time range

• Searching comment content

• Allowing authorized users to create comments and replies from within the App

• Improving reliability, performance, and security of comment retrieval and submission

Data Storage and Security

Storage and Processing Location

Comments Pulse operates within the Atlassian Forge and Jira Cloud environment. The App retrieves and processes data from Jira Cloud in order to provide its features.

Comments Pulse currently uses short-lived in-memory caching during App execution to improve performance for repeated comment retrieval requests. This cache is temporary, scoped to App runtime behavior, and is not designed as long-term customer data storage.

Comments Pulse does not intentionally export or maintain customer Jira comment content in separate third-party databases or external application servers for its core functionality.

Security Measures

We rely on the security controls provided by the Atlassian Cloud and Forge platform and implement reasonable application-level safeguards, including:

• Encryption in transit through the Atlassian cloud platform

• Access to Jira data only through the permissions and scopes granted to the App

• Validation of comment and reply payloads before submission

• Validation of reply targets to reduce invalid or cross-context actions

• Short-lived, per-user caching logic intended to reduce cross-user data exposure risk

• Ongoing review and improvement of application behavior for security and reliability

Data Sharing and Third-Party Access

Comments Pulse does not sell customer data.

Comments Pulse does not disclose Jira data processed by the App to unrelated third parties for marketing or advertising purposes.

The App depends on Atlassian Cloud and Forge services to operate. As a result, data processed by the App is necessarily handled within the Atlassian platform environment and remains subject to Atlassian's applicable terms, infrastructure, and security practices.

Customer Responsibilities

Customers are responsible for:

• Ensuring they have the right to use and process data made available to the App

• Managing Jira permissions and access controls appropriately

• Reviewing their own internal privacy, retention, and governance requirements

• Determining whether the App is suitable for their organization's compliance obligations

Data Retention

Comments Pulse is intended to work with data already stored in Jira Cloud. Where the App uses temporary in-memory caching for performance, that data is retained only for a short period and is automatically discarded after the cache expires or is invalidated.

If the App is uninstalled or access is removed, App functionality stops, subject to Atlassian platform behavior and any applicable operational requirements.

Updates to This Statement

We may update this Data Security and Privacy Statement from time to time to reflect product changes, legal requirements, or operational improvements. Any material changes may be communicated through Marketplace updates, App documentation, release notes, or other reasonable means.

Contact Information

If you have any questions or concerns about our data security and privacy practices, please contact:

• App Developer(s): Forge5 Team

• Support: https://hangzhouace.atlassian.net/servicedesk/customer/portal/4