Privacy Policy

Effective Date: March 7, 2026

Overview

This Privacy Policy explains how Permissions Auditor for Jira collects, uses, discloses, and protects information when you access or use the service.

Permissions Auditor for Jira is a read-only permissions auditing product for Jira Cloud. Based on the product's current design, the service is intended to run on Atlassian-hosted infrastructure and to process data needed to analyze Jira permissions, generate reports, and support the operation of the service.

By using the service, you acknowledge the practices described in this Privacy Policy.

Information We Collect

We may collect or process the following categories of information:

• Account and contact information, such as names, email addresses, organization details, and support communications.
• Jira-related configuration and permissions data needed to provide the service, such as permission schemes, project roles, groups, issue security configuration, global permissions, and related administrative settings.
• User and group metadata made available through Jira or Atlassian APIs, such as display names, account identifiers, email addresses where available, account status, group memberships, and account type.
• Report and export data generated through the service, such as CSV or PDF audit outputs.
• Technical and usage information, such as diagnostic logs, timestamps, request metadata, and information needed to secure, maintain, and improve the service.

We do not describe the service as modifying Jira permissions or other customer configuration. The service is positioned as read-only.

How We Use Information

We may use information to:

• provide, operate, maintain, and secure the service;
• analyze Jira permission structures and generate reports, summaries, and exports;
• troubleshoot issues, respond to support requests, and communicate with users;
• improve product performance, reliability, usability, and security;
• comply with legal obligations and enforce our terms, policies, and rights.

Legal Bases for Processing

Where applicable law requires a legal basis for processing, we may rely on one or more of the following:

• performance of a contract or steps taken at your request before providing the service;
• legitimate interests, such as operating, securing, supporting, and improving the service;
• compliance with legal obligations;
• consent, where consent is required by law.

How We Share Information

We may share information in the following circumstances:

• with Atlassian and related platform infrastructure providers as necessary to operate the service within the Atlassian ecosystem;
• with service providers or contractors that help us operate, support, secure, or improve the service, subject to appropriate confidentiality and data protection obligations;
• when required by law, regulation, legal process, or a valid governmental request;
• to protect the rights, property, safety, and security of our users, customers, the service, or others;
• in connection with a merger, acquisition, financing, asset sale, or similar corporate transaction.

We do not sell personal information.

Data Retention

We retain information for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations.

Retention periods may vary depending on the type of information, the nature of the customer relationship, applicable legal requirements, and operational needs. Exported reports may also be retained by customers according to their own policies and systems.

Data Security

We use reasonable administrative, technical, and organizational measures designed to protect information from unauthorized access, loss, misuse, alteration, or disclosure.

No method of transmission or storage is completely secure, and we do not guarantee absolute security.

International Data Transfers

Information may be processed or transferred in jurisdictions other than your own, including where Atlassian, our service providers, or support operations are located.

Where required, we will use reasonable steps and appropriate safeguards intended to support lawful cross-border data transfers.

Your Rights and Choices

Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal information. You may also have the right to data portability or to withdraw consent where processing relies on consent.

To exercise applicable rights, contact us at support@permissions-auditor.com. We may need to verify your identity and authority before responding.

Children's Privacy

The service is intended for business and administrative use and is not directed to children. We do not knowingly collect personal information from children.

If you believe a child has provided personal information through the service, contact us and we will take reasonable steps to address the issue.

Third-Party Services

The service depends on third-party platforms and services, including Atlassian products and infrastructure. Those third parties may have their own privacy practices, terms, and policies.

This Privacy Policy does not apply to third-party websites, products, or services except to the extent we directly control the relevant processing.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may update the effective date above and take other steps we consider appropriate under the circumstances.

Your continued use of the service after an updated Privacy Policy becomes effective indicates acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at support@permissions-auditor.com.