Privacy Policy for User Manager for Jira

Last updated: March 28, 2026

This Privacy Policy explains how D&L ("we", "us", or "our") collects, accesses, uses, stores, and deletes information when customers install or use User Manager for Jira (the "App") for Jira Cloud.

This App is intended for business use by Jira Cloud customers. It is not intended for personal, family, or household use.

  1. Who this policy applies to

This policy applies to:

  • Jira Cloud site administrators who install or configure the App
  • authorized users who access the App inside Jira Cloud
  • Jira account data processed by the App on behalf of the customer

For customer personal data processed through the App, the Jira customer is generally the data controller and we generally act as a processor or service provider, unless applicable law requires otherwise.

  1. What data the App processes

Based on the current implementation of the App, the App may process the following categories of data from Jira Cloud and related Atlassian services:

  • user identifiers such as accountId
  • user profile data such as display name, avatar URL, email address, account status, account type, and, where available, job title
  • group membership data
  • project membership and project role data
  • project metadata such as project key, project name, and project avatar
  • recent activity data for selected users within selected Jira projects, including issue metadata, comments, worklogs, and change history relevant to the activity view
  • app configuration data, including the list of users and groups authorized to access the App
  • technical instance metadata needed to scope configuration, such as site, dashboard, and gadget identifiers
  • an optional Atlassian Admin API key provided by a customer administrator to enable additional profile lookups

The App does not use customer data for advertising. The App does not sell personal data.

  1. Where the data comes from

The App retrieves data from:

  • Jira Cloud APIs made available through Atlassian Forge permissions granted during installation
  • Atlassian Admin and User Management APIs, only if a customer administrator configures an optional Atlassian Admin API key
  • customer-provided App configuration entered by administrators inside the App
  1. Why we process this data

We process the above data only to operate the App and provide its features, including:

  • displaying Jira users and their project visibility or membership
  • checking whether the current viewer is authorized to access the App
  • showing configured access users and groups
  • resolving project roles and group-based access relationships
  • displaying project icons, user profile details, and job title information
  • showing recent user activity within Jira projects
  • storing and applying App configuration per customer instance
  • validating and using an optional Atlassian Admin API key configured by the customer
  • maintaining performance and reliability through short-lived caching
  • detecting, preventing, and troubleshooting technical issues

We do not intentionally use App data for profiling, advertising, or unrelated marketing purposes.

  1. Legal basis

Where required by applicable law, our legal bases for processing are:

  • performance of a contract or steps taken at the customer's request to provide the App
  • legitimate interests in securing, operating, supporting, and improving the App for business users
  • compliance with legal obligations where applicable
  • consent, where consent is legally required for a specific activity
  1. Data storage and retention

The App uses Atlassian Forge hosted storage and Atlassian-hosted compute. Based on the current codebase:

  • App configuration data may remain stored until changed, removed, or deleted in connection with support, uninstall, or verified deletion requests, subject to Atlassian platform retention or backup processes
  • the optional Atlassian Admin API key remains stored until the customer replaces or removes it
  • short-lived cached data is retained only temporarily to improve performance

Current cache durations implemented in the App are approximately:

  • user recent activities: up to 90 seconds
  • user project roles: up to 2 minutes
  • user group caches: up to 5 minutes
  • project role detail caches: up to 5 minutes
  • project icon memory cache: up to 10 minutes
  • user profile and job title caches: up to 30 minutes

We aim to keep stored data limited to what is reasonably necessary to operate the App.

  1. Sharing and disclosures

Based on the current implementation, we do not disclose End-User Data from the App to non-Atlassian third-party analytics, advertising, or data broker services.

Data processed by the App may be disclosed only:

  • to Atlassian, through Jira Cloud, Atlassian Forge, and Atlassian Admin or User Management APIs as part of the App's normal operation
  • to our personnel or contractors who need access to support, secure, or maintain the App and who are bound by confidentiality obligations
  • if required by law, regulation, court order, or legally binding request
  • as reasonably necessary to establish, exercise, or defend legal claims, or to protect the security and integrity of the App

If we materially change subprocessors or external data flows, we will update this Privacy Policy.

  1. International transfers and hosting

The App runs on Atlassian Forge and uses Atlassian cloud services. As a result, customer data may be processed in locations supported by Atlassian's hosting and data residency model, subject to the customer's Atlassian configuration and Atlassian platform capabilities.

If we transfer personal data across borders outside the jurisdiction where it was collected, we will use an appropriate transfer mechanism where required by applicable law.

  1. Security

We take reasonable technical and organizational measures designed to protect data processed by the App. These measures include access controls, use of Atlassian-hosted infrastructure for App storage and execution, and limiting persistent storage to App configuration and necessary operational data.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

  1. Customer choices and user rights

Customers control whether to install the App and whether to configure the optional Atlassian Admin API key.

Depending on applicable law and the customer's role, users or customers may have rights to request access, correction, deletion, restriction, or objection regarding personal data processed by the App.

Because the App processes Jira data on behalf of the customer, requests relating to Jira account data should usually be directed first to the relevant Jira site administrator or organization. We will reasonably assist customers with verified privacy requests where required by law or Atlassian platform obligations.

To request deletion of stored App configuration or other privacy assistance, contact us at:

  1. Children's privacy

The App is intended for business and enterprise use and is not directed to children.

  1. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will update the "Last updated" date above and, where appropriate, provide additional notice through the Marketplace listing, the App, or our support channels.

  1. Contact information

D&L
Email: dario3c0@gmail.com
Support contact: dario3c0@gmail.com