Privacy Policy

Last updated: March 2026

This privacy policy describes how Cloudox ("we", "us", or "our") collects, uses, and protects information when you use Issue AI for Jira ("the App"), a Forge-based application available on the Atlassian Marketplace.

1. Data Controller

Cloudox — Owner: Erol Demirkoparan
Oststr. 181
47057 Duisburg
Germany
Email: services@cloudox.de

2. What Data We Process

Issue AI for Jira is designed to minimize data processing. We distinguish between data processed by the App and data stored by the App.

2.1 Data Processed (Not Stored by Cloudox)

When you use AI-powered features, the following data may be temporarily processed during the request:

  • Text you enter as a description or prompt for issue creation
  • Issue titles and descriptions when using improvement features
  • Issue context when generating subtask suggestions

This data is sent to the third-party AI provider selected by your Jira administrator and is not stored by Cloudox. It is processed transiently to generate AI responses and discarded after the response is returned to Jira.

2.2 Data Stored by the App

The App stores the following non-personal configuration data using Atlassian Forge Key-Value Store (KVS):

  • Issue templates created by administrators
  • AI provider configuration (provider name, model selection)
  • API key for the selected AI provider (encrypted at rest by Forge KVS)
  • Feature toggles (AI enabled/disabled)

This data resides within Atlassian's infrastructure and is not accessible to Cloudox.

2.3 Data We Do Not Collect

  • We do not collect or store personal user data (names, emails, account IDs)
  • We do not access or transmit Jira attachments
  • We do not access or transmit issue comments
  • We do not collect analytics or usage tracking data
  • We do not use cookies
  • We do not build user profiles

3. Third-Party AI Providers

The App supports integration with the following third-party AI providers, as selected by the customer's Jira administrator:

ProviderPrivacy Policy
OpenAIopenai.com/privacy
Google (Gemini)policies.google.com/privacy
Anthropic (Claude)anthropic.com/privacy

When AI features are used, the user's input text is transmitted to the selected provider's API for processing. Each provider has its own data handling and retention policies. The customer's Jira administrator is responsible for selecting a provider that meets their organization's compliance requirements.

We do not intentionally use customer content for AI model training.

4. Legal Basis for Processing (GDPR)

We process data based on the following legal grounds:

  • Art. 6(1)(b) GDPR — Processing necessary for the performance of a contract (providing the App's functionality)
  • Art. 6(1)(f) GDPR — Legitimate interest in providing a functional and secure application

5. Data Transfers

The App runs on Atlassian Forge, which is hosted on AWS infrastructure. When AI features are used, data may be transferred to the servers of the selected AI provider, which may be located outside of the European Economic Area (EEA).

All supported AI providers (OpenAI, Google, Anthropic) participate in or provide adequate safeguards for international data transfers as required by applicable law.

6. Data Retention

  • AI request data: Not retained — processed transiently and discarded
  • Configuration data: Stored until the App is uninstalled or the administrator deletes it
  • API keys: Stored encrypted until changed or the App is uninstalled

7. Data Security

  • All data transmission uses HTTPS/TLS encryption
  • API keys are encrypted at rest using Atlassian Forge Encrypted Storage (storage.setSecret)
  • The App runs in Atlassian's sandboxed Forge runtime environment
  • Only administrators can configure AI settings and manage templates
  • The App requests only the minimum Jira permissions required

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Since the App does not collect or store personal data, most of these rights do not apply in practice. If you have questions or concerns, please contact us at services@cloudox.de.

9. Changes to This Policy

We may update this privacy policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page.

10. Contact

If you have any questions about this privacy policy or our data practices, please contact us at:

Cloudox — Erol Demirkoparan
Oststr. 181, 47057 Duisburg, Germany
Email: services@cloudox.de

Issue AI for Jira · Built by Cloudox

© 2026 Cloudox. All rights reserved.