Collected Data and Storage

• LinkMap is a Jira and Service Desk add-on (further referred to as App) which operates within the browser and can only be obtained and installed via the Atlassian Marketplace.
• The app utilizes JWT authentication as provided by the Atlassian Connect Express (ACE) framework.
• The following ACE permission scopes are required to operate the app: (1) Delete data from the host application (in order to enable the user to delete links), (2) Write data to the host application (e.g. create new links), (3) Read data from the host application (access the Jira data to visualize).
• LinkMap does not store any personal information. Data collection is by default limited to the absolute minimum required for (a) authentication via ACE and (b) enabling the app's Content Security Policy settings to work with custom domains. Additionally, users have the option to store LinkMap configurations for their convenience. All data is stored in the European region, with a backup retention period of 7 days. No data is ever shared with any third-party organization.
• When importing a LinkMap configuration from disk, some of the configuration data is temporarily stored in the user's browser local storage.
• When users interact with the app, the majority of the traffic occurs directly between the user's browser and the Atlassian Cloud REST APIs. Browser requests are evaluated on the Jira instance within the context of the executing user, meaning each user can only access/edit data permitted by their Jira permission configuration.
• Logs are solely used for support cases, with no personal data logged. Log retention is 7 days.
• User behavior is not tracked (e.g., through Google Analytics).
• It is the customer's sole responsibility to provide all required mechanisms to maintain the privacy and security of the data and access to the app.

Security Measures

• The app participates in the Atlassian Marketplace Security Bug Bounty program for continuous security threat assessment. If a security threat is detected, we will follow the protocol and recommendations provided by Atlassian, in addition to taking appropriate actions deemed necessary.

Support Data

• Customers may choose to share additional information with us to receive support (e.g., use cases, bug reports). It is the customer's responsibility to sanitize all information (URLs, sensitive data in logs, screenshots, etc.) before sharing it with us.
• All such information is saved in a Jira Cloud instance provided by Atlassian, and only our employees have access to it.
• We may share such information with Atlassian at our discretion if we believe it may help provide better support to the client. It will not be shared with any other third-party without explicit written authorization from the customer.

Acceptance

• By installing the app, the customer agrees to all the terms described in this policy.