Breadcrumbs

App Privacy Policy (Forge & Data Center)

1. General Information

This Privacy Policy explains how DevOpsSystems apps may process data when used in Atlassian environments.

The exact data processing depends on the specific app, the Atlassian product, the deployment model, the app configuration, and the customer’s use case.

DevOpsSystems provides apps for different Atlassian deployment models, including:

  • Forge apps for Atlassian Cloud,

  • Data Center apps installed in customer-managed Atlassian environments.

This policy is intended to provide a common privacy overview for DevOpsSystems apps while clearly distinguishing between Forge-specific processing and Data Center-specific processing.

2. Data Controller Information

The provider of the app is:

DevOpsSystems GmbH
Saarpfalz-Park 1
66450 Bexbach
Germany

Email: info@devopssystems.de

Depending on the context, the Atlassian customer may be responsible for the operation of the Atlassian environment, user permissions, app configuration, data retention, and compliance with internal or legal requirements.

For data submitted directly to DevOpsSystems, for example through a support request, DevOpsSystems may process that information for support, troubleshooting, contractual, security, communication, or legal purposes.

3. Scope of This Policy

This Privacy Policy applies to DevOpsSystems apps for Atlassian products.

It applies to:

  • DevOpsSystems Forge apps,

  • DevOpsSystems Data Center apps,

  • app configuration data,

  • app-generated operational data,

  • optional aggregated usage statistics,

  • optional audit logs,

  • support and troubleshooting data submitted to DevOpsSystems.

This policy does not replace:

  • Atlassian’s own privacy policies,

  • Atlassian Cloud terms,

  • the customer’s own privacy policies,

  • customer-internal security rules,

  • customer-specific data processing agreements,

  • separate written agreements between DevOpsSystems and a customer.

If a product-specific privacy notice, customer-specific addendum, or separate written agreement contains more specific rules, that document may apply for the specific product, customer, or scope described there.

4. Definitions

  • App means any DevOpsSystems app for Atlassian products.

  • Forge App means a DevOpsSystems app built on the Atlassian Forge platform and used within Atlassian Cloud.

  • Data Center App means a DevOpsSystems app installed in a customer-managed Atlassian Data Center environment.

  • Atlassian host product means the Atlassian product in which the app is installed or used, for example Jira, Confluence, or Bitbucket.

  • Atlassian Cloud site means the Atlassian Cloud environment in which a Forge app is installed.

  • Customer-managed environment means the infrastructure, database, file system, logs, configuration, backups, and operational systems managed by the customer for Atlassian Data Center products.

  • Administrator means a user authorized by the customer to install, configure, manage, or administer the Atlassian host product or the app.

  • Authorized user means a user who has been granted permission by the customer or administrator to use or configure specific app features.

  • Support data means information voluntarily submitted to DevOpsSystems for support or troubleshooting, such as support tickets, logs, screenshots, exports, diagnostic information, or communication.

  • Pseudonymous user identifier means an identifier such as an Atlassian account ID, user key, or comparable technical identifier that does not directly contain the user’s name or email address but may still allow user-related traceability within the relevant Atlassian environment.

5. Product and Deployment Models

5.1 Forge Apps

Forge apps run on the Atlassian Forge platform.

Forge provides Atlassian-managed infrastructure, app execution, authentication, storage, permissions, and platform security controls.

DevOpsSystems does not operate dedicated customer-specific application infrastructure for Forge app data unless explicitly stated for a specific app or feature.

Forge app data is processed within Atlassian Cloud and Atlassian Forge according to:

  • the app functionality,

  • the permissions granted to the app,

  • the customer configuration,

  • Atlassian Cloud and Forge platform behavior.

5.2 Data Center Apps

Data Center apps are installed, hosted, configured, and operated by the customer in their own Atlassian environment.

The customer controls:

  • infrastructure,

  • database,

  • file system,

  • network access,

  • user permissions,

  • backups,

  • log retention,

  • app configuration,

  • operational security,

  • access rights,

  • data deletion and retention.

DevOpsSystems does not have direct access to customer-managed Atlassian environments unless the customer voluntarily provides information to DevOpsSystems, for example through a support request, log file, screenshot, export, or troubleshooting session.

6. Roles Under Data Protection Law

For both Forge and Data Center apps, the customer configures the processing — for example which rules, conditions, or workflows the app applies. The customer thereby determines the purpose and the essential parameters of any processing. The technical manner in which configured rules are executed in the background, for example reading and evaluating issues, is defined by the app’s code and is strictly bound to the customer’s configuration.

For Data Center apps, the app runs entirely within the customer-managed environment. The customer is the controller, and DevOpsSystems has no access to the data.

For Forge apps, the app runs on the Atlassian Forge platform. The customer is the controller, and Atlassian acts as a processor providing the underlying platform. In normal operation, DevOpsSystems does not access the data processed within the customer’s Atlassian Cloud site.

Operational and debug logging on the one hand, and audit logging on the other, are two separate and unrelated features that serve different purposes and should not be confused:

  • Operational and debug logs exist for technical operation, error handling, and troubleshooting. They are designed to avoid personal data and are limited to technical information, consistent with Atlassian’s requirements.

  • Audit logs are a separate, optional feature that exists solely to give administrators traceability of app configuration changes. Not every app provides an audit log. Where an app provides this feature and an administrator enables it, the audit log intentionally records a pseudonymous user identifier (such as an Atlassian account ID) together with the date and the configuration change, so that administrators can see who changed an app setting. Such audit logs are stored within the customer’s environment and can only be viewed and deleted by the customer’s administrators. DevOpsSystems does not access them in normal operation.

Where DevOpsSystems exceptionally accesses data within the customer’s environment — for example when an administrator submits operational logs or audit log information as part of a support request — and that data allows direct or indirect identification of individuals, DevOpsSystems acts as a processor on behalf of the customer for that processing, and the provisions of the applicable data processing agreement under Art. 28 GDPR apply.

7. What Data May Be Processed?

Depending on the specific app, Atlassian product, deployment model, app version, configuration, and customer use case, the app may process the following categories of data.

Data Category

Examples

Purpose

User identifiers

Atlassian account ID, user key, username, display name, email address, group membership, or comparable identifiers depending on the Atlassian product and deployment model

Applying app rules, permissions, workflows, auditability, configuration, user-specific behavior, or administrative traceability

Atlassian object identifiers

Project keys, repository names, branch names, pull request IDs, issue keys, page IDs, space keys, workspace identifiers

Performing app functionality and linking actions to Atlassian objects

App configuration data

Rules, conditions, mappings, templates, preferences, validation settings, workflow settings, feature settings

Storing and applying app behavior configured by administrators or authorized users

Action and event data

Pull request events, push events, workflow events, page events, issue events, validation results, rule executions, configuration changes

Executing app logic based on configured rules and app functionality

Operational and support log data

Timestamps, app actions, technical context, execution results, error messages, configuration references, validation results, stack traces, or other diagnostic information

Operating the app, troubleshooting technical issues, analyzing errors, improving app stability, and supporting customers

Optional aggregated usage statistics

Aggregated counters or metrics about app usage, feature usage, processed objects, configured resources, rule executions, validations, or other app-specific actions

Providing administrators with usage insights and helping customers understand how the app is used. These statistics are collected only when enabled by an administrator or authorized user, are aggregated, are not linked to individual users, and can be deleted at any time

Optional audit log data

Pseudonymous user identifier of the user who changed app settings, date and time of the change, changed app setting, and information about the configuration change where applicable

Providing administrators with an audit trail of app configuration changes. Audit logs are collected only when enabled by an administrator and can only be viewed and deleted by administrators

Integration credentials or tokens

API tokens, HTTP tokens, email address, credentials, or other authentication information configured by an administrator for optional integrations

Authenticating with configured external systems where the app functionality requires it

License or entitlement information

SEN, Marketplace license state, app version, maintenance status, host product version, Cloud ID, site information

License validation, support entitlement, compatibility checks, support processing, and app operation

Not every app processes every category listed above. The actual data processed depends on the specific app, Atlassian product, deployment model, enabled features, and customer configuration.

8. Optional Aggregated Usage Statistics

Some apps may provide optional aggregated usage statistics. These statistics are collected only when enabled by an administrator or authorized user.

When enabled, the app may collect aggregated counters or metrics about app usage, feature usage, processed objects, configured resources, rule executions, validations, or other app-specific actions.

The exact statistics depend on:

  • the specific app,

  • the app functionality,

  • the Atlassian host product,

  • the deployment model,

  • the customer configuration.

These statistics are used to provide administrators with usage insights and to help customers understand how the app is used.

The statistics are aggregated and are not linked to individual users. They are not used to create user profiles and do not include:

  • user names,

  • email addresses,

  • Atlassian account IDs,

  • user keys,

  • issue content,

  • page content,

  • pull request content,

  • commit messages,

  • comments,

  • attachments,

  • other customer content.

The collection of optional aggregated usage statistics can be disabled again by an administrator or authorized user.

Collected usage statistics can be deleted at any time by an administrator or authorized user, depending on the app permissions and configuration.

For Forge apps, optional aggregated usage statistics are stored in the standard Atlassian Forge storage backend.

For Data Center apps, optional aggregated usage statistics are stored within the customer-managed Atlassian environment.

9. Optional Audit Logs

Some apps may provide optional audit logs for app configuration changes. Audit logs are collected only when enabled by an administrator.

When enabled, the app may record changes made to app settings. Audit log entries may include:

  • a pseudonymous user identifier of the user who made the change, such as an Atlassian account ID, user key, or comparable identifier depending on the Atlassian product and deployment model,

  • the date and time of the change,

  • information about the app setting that was changed,

  • details of the configuration change where applicable.

Audit logs are intended to provide administrators with transparency and traceability for changes made to app configuration.

Audit logs can only be enabled, viewed, and deleted by administrators.

Audit logs do not include user names, email addresses, or user profile details unless such information is part of configuration data intentionally entered by an administrator.

Audit logs may include pseudonymous user identifiers for administrative traceability.

Sensitive values such as API tokens, HTTP tokens, passwords, private keys, or other credentials are not stored in audit logs.

If a credential-related setting is changed, the audit log may record that the setting was changed, but not the sensitive value itself.

Audit logs are not used for marketing, profiling, or behavioral analysis.

For Forge apps, optional audit logs are stored in the standard Atlassian Forge storage backend.

For Data Center apps, optional audit logs are stored within the customer-managed Atlassian environment.

Audit logs can be deleted at any time by an administrator.

10. Credentials and Tokens

Some app features may require administrators to configure credentials or tokens, for example to connect to an external API or another Atlassian product.

Where credentials or tokens are required, they are used only for the configured purpose.

Administrators should provide only credentials with the minimum permissions required for the intended integration.

DevOpsSystems recommends rotating tokens regularly and revoking credentials when they are no longer required.

10.1 Credentials and Tokens in Forge Apps

Sensitive data such as API tokens, HTTP tokens, passwords, private keys, or other credentials are stored in the encrypted Atlassian Forge storage backend.

Credentials and tokens are used by the Forge app runtime only to perform the configured app functionality.

DevOpsSystems does not store these credentials or tokens in separate infrastructure operated by DevOpsSystems.

Sensitive values such as API tokens, HTTP tokens, passwords, private keys, or other credentials are not stored in audit logs.

If a credential-related setting is changed, the audit log may record that the setting was changed, but not the sensitive value itself.

10.2 Credentials and Tokens in Data Center Apps

Some Data Center apps may allow administrators to configure credentials or tokens for integrations with external systems.

Where credentials or tokens are required, they are stored within the customer-managed Atlassian environment according to the storage mechanisms provided by the Atlassian host product and the app.

The customer is responsible for securing the customer-managed environment, including:

  • database access,

  • file system access,

  • backups,

  • administrator permissions,

  • system access,

  • operational security,

  • host product security,

  • app update processes.

Sensitive values such as API tokens, HTTP tokens, passwords, private keys, or other credentials are not stored in audit logs.

If a credential-related setting is changed, the audit log may record that the setting was changed, but not the sensitive value itself.

DevOpsSystems does not receive credentials or tokens from Data Center apps unless the customer voluntarily provides such information as part of a support request or troubleshooting process.

Customers should avoid submitting credentials, tokens, passwords, private keys, or other secrets in support requests.

11. Operational Logs, Debug Logs, and Support Data

Apps may generate operational logs required for technical operation, error handling, diagnostics, security investigation, and app stability.

Some apps may also provide additional support or debug logging features. These logging features are intended for troubleshooting and error analysis.

Depending on the app, configuration, and issue being investigated, logs may contain:

  • app-specific actions,

  • timestamps,

  • technical context,

  • execution results,

  • configuration references,

  • object identifiers such as project keys, issue keys, page IDs, repository names, branch names, or pull request IDs,

  • user identifiers where required by the Atlassian host product or app logic,

  • validation results,

  • error messages,

  • stack traces.

DevOpsSystems aims to minimize personal data in logs where reasonably possible.

Customers should avoid enabling support or debug logging longer than necessary.

Customers should review logs, screenshots, exports, and attachments before submitting them to DevOpsSystems and remove unnecessary confidential or personal data where possible.

11.1 Operational Logs and Support Logs in Forge Apps

Some Forge apps may provide support or debug logging features for troubleshooting purposes.

DevOpsSystems may access general app logs for error analysis only if an administrator enables the relevant support or debug logging functionality for support purposes.

Such support or debug logs are used only to:

  • analyze errors,

  • troubleshoot support requests,

  • improve app stability,

  • investigate security issues,

  • resolve technical issues.

Access by DevOpsSystems is limited to authorized personnel who need access for support, troubleshooting, security, contractual, or legal purposes.

DevOpsSystems does not access customer data directly through the app unless the customer enables a support-related logging function, provides information through a support request, or otherwise explicitly authorizes access for troubleshooting.

11.2 Operational Logs and Support Logs in Data Center Apps

Data Center app logs are generated and stored within the customer-managed Atlassian environment.

DevOpsSystems does not have direct access to these logs.

DevOpsSystems receives such logs only if the customer voluntarily provides them, for example through:

  • a support request,

  • a log file,

  • a screenshot,

  • an export,

  • a troubleshooting session,

  • a diagnostic package.

Because logs are generated inside the customer-managed environment and may contain customer-specific context, customers should review logs before submitting them to DevOpsSystems.

12. Where Is Data Stored?

The storage location depends on the deployment model.

12.1 Data Storage for Forge Apps

Forge app data is stored and processed using Atlassian Forge platform services and Atlassian-managed cloud infrastructure.

Non-sensitive app configuration data, app data, optional aggregated usage statistics, and optional audit logs are stored in the standard Atlassian Forge storage backend.

Sensitive data, such as API tokens, HTTP tokens, passwords, private keys, or other credentials required for configured integrations, is stored in the encrypted Atlassian Forge storage backend.

The physical location, hosting, availability, and platform-level security controls are provided by Atlassian according to Atlassian’s cloud and Forge platform documentation.

DevOpsSystems does not operate separate customer-specific application infrastructure for Forge app data unless explicitly stated for a specific app or feature.

12.2 Data Storage for Data Center Apps

Data processed by a Data Center app is stored within the customer-managed Atlassian environment, for example in:

  • the database of the Atlassian host product,

  • the home directory of the Atlassian host product,

  • log files of the Atlassian host product,

  • app-specific configuration storage provided by the host product.

Optional aggregated usage statistics and optional audit logs, if enabled, are also stored within the customer-managed Atlassian environment.

The customer controls:

  • storage location,

  • access rights,

  • backup strategy,

  • log rotation,

  • retention periods,

  • deletion,

  • operational security.

DevOpsSystems does not store optional aggregated usage statistics or audit logs from Data Center apps in separate infrastructure operated by DevOpsSystems unless the customer voluntarily provides such information as part of a support request or troubleshooting process.

12.3 Support Data Submitted to DevOpsSystems

Support data submitted directly to DevOpsSystems is stored in the systems used by DevOpsSystems to process support requests, customer communication, troubleshooting, security review, and support history.

Support data may include:

  • support ticket content,

  • customer communication,

  • screenshots,

  • logs,

  • exports,

  • diagnostic information,

  • reproduction steps,

  • app and host product information,

  • attachments submitted by the customer.

13. Does the App Transfer Data to DevOpsSystems?

The transfer of data to DevOpsSystems depends on the deployment model and customer configuration.

13.1 Forge Apps

Forge apps operate on the Atlassian Forge platform.

Some Forge apps may provide support or debug logging features for troubleshooting purposes.

DevOpsSystems may access general app logs for error analysis only if an administrator enables the relevant support or debug logging functionality for support purposes.

Forge apps do not transfer optional aggregated usage statistics or optional audit logs to DevOpsSystems unless this is explicitly stated for a specific app feature or enabled/configured by the customer.

Support data may be transferred to DevOpsSystems if the customer submits it through a support request or otherwise provides it for troubleshooting.

13.2 Data Center Apps

By default, DevOpsSystems Data Center apps do not automatically transfer customer content, user data, usage statistics, audit logs, or operational data to DevOpsSystems.

Data may be transferred to DevOpsSystems only if:

  • the customer manually submits information through a support request,

  • the customer sends log files, screenshots, exports, or diagnostic information,

  • the customer provides audit log information as part of a support or troubleshooting process,

  • the customer participates in troubleshooting or consulting,

  • the customer explicitly configures the app to communicate with another system,

  • another transfer is required by contract, law, or support process.

Optional aggregated usage statistics and optional audit logs generated by Data Center apps are stored within the customer-managed Atlassian environment and are not automatically transmitted to DevOpsSystems.

14. Are Data Shared with Third Parties?

DevOpsSystems does not sell customer data.

Data may be processed by third parties only where necessary to:

  • provide the app functionality,

  • operate Atlassian Cloud or Atlassian Forge,

  • process support requests,

  • provide documentation or support systems,

  • comply with legal obligations,

  • communicate with systems explicitly configured by the customer,

  • protect security, integrity, or availability.

Forge apps rely on Atlassian Cloud and Atlassian Forge as the underlying platform. Data may be processed by Atlassian as required to provide Atlassian Cloud and Forge services.

For Data Center apps, data is stored within the customer-managed Atlassian environment and is not automatically transmitted to DevOpsSystems or third parties.

If the customer configures an app to interact with external systems, data may be exchanged with those systems according to the customer’s configuration and the functionality of the app.

Support data submitted to DevOpsSystems may be processed by service providers used for support, communication, documentation, hosting, or ticket management, where required to provide the requested service.

15. Is User Behavior Analyzed?

DevOpsSystems apps do not analyze personal user behavior for marketing purposes.

Some apps may provide optional aggregated usage statistics when enabled by an administrator or authorized user.

These statistics may include aggregated counters or metrics about app usage, feature usage, processed objects, configured resources, rule executions, validations, or other app-specific actions.

The exact statistics depend on the specific app, its functionality, the Atlassian host product, the deployment model, and the customer configuration.

These statistics are aggregated, are not linked to individual users, and are not used to create user profiles.

They do not include:

  • user names,

  • email addresses,

  • Atlassian account IDs,

  • user keys,

  • issue content,

  • page content,

  • pull request content,

  • commit messages,

  • comments,

  • attachments,

  • other customer content.

Some apps may also provide optional audit logs for app configuration changes.

Audit logs are used for administrative traceability and are not used for marketing, profiling, or behavioral analysis.

Optional aggregated usage statistics can be disabled and deleted by an administrator or authorized user, depending on the app permissions and configuration.

Optional audit logs can be disabled and deleted by an administrator.

16. Who Has Access to the Data?

Access depends on the deployment model, customer permissions, app configuration, and enabled features.

16.1 Customer Access

Customer administrators control which users can install, configure, administer, and use the app.

Access to app data is governed by:

  • Atlassian Cloud permissions,

  • Atlassian Forge permission and scope model,

  • Atlassian Data Center permissions,

  • app configuration,

  • customer user permissions,

  • administrator settings.

Optional aggregated usage statistics, if enabled, can be viewed and deleted by administrators or authorized users depending on the app permissions and configuration.

Optional audit logs, if enabled, can only be viewed and deleted by administrators.

16.2 DevOpsSystems Access for Forge Apps

DevOpsSystems does not generally access customer data directly through Forge apps.

Some Forge apps may provide support or debug logging features for troubleshooting purposes.

DevOpsSystems may access general app logs for error analysis only if an administrator enables the relevant support or debug logging functionality for support purposes.

Such access is used only for:

  • troubleshooting,

  • error analysis,

  • security investigation,

  • support,

  • app stability improvement,

  • resolving technical issues.

Access by DevOpsSystems is limited to authorized personnel who need access for support, troubleshooting, security, contractual, or legal purposes.

DevOpsSystems does not access optional audit logs unless the customer explicitly provides audit log information as part of a support request or troubleshooting process.

16.3 DevOpsSystems Access for Data Center Apps

DevOpsSystems does not have direct access to app data, optional aggregated usage statistics, audit logs, app configuration data, customer content, or operational data stored in the customer-managed Atlassian environment.

DevOpsSystems has access only to information that the customer voluntarily provides, for example through:

  • a support request,

  • a log file,

  • a screenshot,

  • an export,

  • a diagnostic package,

  • a troubleshooting session.

Within DevOpsSystems, access to support data is limited to authorized personnel who need access for support, troubleshooting, contractual, security, or legal purposes.

17. How Long Is Data Stored?

Retention depends on the data category and deployment model.

17.1 Forge Apps

App configuration data and app data are stored as long as required to provide the app functionality.

Optional aggregated usage statistics, if enabled, are retained until deleted by an administrator or authorized user, disabled and removed through app functionality, removed according to the customer’s retention process, or removed when the app is uninstalled where applicable.

Optional audit logs, if enabled, are retained until deleted by an administrator, removed according to the customer’s retention process, or removed when the app is uninstalled where applicable.

Sensitive credentials or tokens are retained as long as required for the configured integration and can be removed by deleting or changing the relevant configuration or uninstalling the app where applicable.

17.2 Data Center Apps

Data stored in the customer-managed Atlassian environment is retained according to the customer’s own configuration, retention policies, app settings, and Atlassian host product settings.

Optional aggregated usage statistics, if enabled, are retained until deleted by an administrator, disabled and removed through app functionality, removed according to the customer’s retention process, or removed by uninstalling the app where applicable.

Optional audit logs, if enabled, are retained until deleted by an administrator, removed according to the customer’s retention process, or removed by uninstalling the app where applicable.

The customer controls retention, backups, log rotation, and deletion within the customer-managed environment.

17.3 Support Data

Support data submitted to DevOpsSystems is retained as long as necessary to:

  • process the support request,

  • maintain support history,

  • troubleshoot issues,

  • comply with contractual or legal obligations,

  • resolve disputes,

  • protect legal rights,

  • improve support quality.

Data may be retained longer where required by law, contract, security investigation, or legal claim.

18. How Can Data Be Deleted or Corrected?

For data stored in Atlassian Cloud, users should contact their Atlassian site administrator or the organization operating the Atlassian Cloud site.

For data stored in a customer-managed Data Center environment, users should contact their Atlassian administrator or the organization operating the Atlassian environment.

Administrators can usually delete app configuration data through the app settings or by uninstalling the app.

Optional aggregated usage statistics, if enabled, can be deleted at any time by an administrator or authorized user, depending on the app permissions and configuration.

Optional audit logs, if enabled, can be deleted at any time by an administrator.

Sensitive credentials or tokens can be removed by deleting or changing the relevant app configuration or by uninstalling the app where applicable.

For support data submitted directly to DevOpsSystems, users may contact DevOpsSystems at:

info@devopssystems.de

Where DevOpsSystems processes personal data directly, the processing may be based on:

  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures,

  • Art. 6(1)(f) GDPR – legitimate interests, such as support, troubleshooting, security, product stability, communication, and protection of legal rights,

  • Art. 6(1)(c) GDPR – compliance with legal obligations,

  • Art. 6(1)(a) GDPR – consent, where consent is required and obtained.

Where optional aggregated usage statistics are enabled, processing may be based on Art. 6(1)(f) GDPR – legitimate interests, such as providing administrators with usage insights, improving transparency, supporting app administration, troubleshooting, and maintaining app stability – or Art. 6(1)(a) GDPR where consent is required and obtained.

Where optional audit logs include pseudonymous user identifiers or other identifiers, processing may be based on Art. 6(1)(f) GDPR – legitimate interests, such as administrative traceability, security, troubleshooting, abuse prevention, and protection of app configuration integrity – or Art. 6(1)(b) GDPR where processing is necessary to provide the app functionality.

For data processed inside the customer’s Atlassian environment, the customer is responsible for determining the applicable legal basis and configuring the app according to their own compliance requirements.

20. Rights of Data Subjects

Depending on the circumstances, data subjects may have the following rights under the GDPR:

  • right of access,

  • right to rectification,

  • right to erasure,

  • right to restriction of processing,

  • right to data portability,

  • right to object to processing,

  • right to withdraw consent where processing is based on consent,

  • right to lodge a complaint with a competent supervisory authority.

For data managed by the customer in Atlassian Cloud, requests should be directed to the organization operating the Atlassian Cloud site.

For data stored in a customer-managed Data Center environment, requests should be directed to the organization operating that environment.

For data processed directly by DevOpsSystems, requests may be submitted to:

info@devopssystems.de

21. Security

DevOpsSystems apps are designed to operate within the security boundaries of the relevant Atlassian platform and deployment model.

Forge apps use Atlassian Forge platform capabilities and Atlassian permission models.

Data Center apps operate within the customer-managed Atlassian environment.

Security practices may include:

  • least-privilege permissions where technically possible,

  • controlled access to development systems,

  • secure development practices,

  • code quality checks,

  • security checks,

  • dependency monitoring,

  • vulnerability management,

  • secret handling,

  • support and incident handling procedures.

DevOpsSystems applies secure development, vulnerability management, and support processes as described in the related Security Policy, Software Development Life Cycle, Vulnerability Management Program, and Service Level Agreement.

22. Customer Responsibilities

Security and data protection are shared responsibilities.

Customers are responsible for:

  • managing Atlassian users and permissions,

  • configuring app permissions and access rights,

  • securing their Atlassian environment,

  • reviewing app configuration,

  • managing credentials and tokens securely,

  • rotating and revoking credentials when no longer required,

  • reviewing logs before sharing them with DevOpsSystems,

  • controlling backups and retention,

  • applying host product updates,

  • applying app updates,

  • complying with internal and legal requirements.

For Data Center apps, customers are additionally responsible for securing the customer-managed infrastructure, database, file system, network, backups, administrator access, monitoring, and operational environment.

Additional information is available in the following documents:

24. Contact

For questions about this Privacy Policy, please contact:

DevOpsSystems GmbH
Saarpfalz-Park 1
66450 Bexbach
Germany

Email: info@devopssystems.de

25. Review and Updates

This Privacy Policy is reviewed periodically and may be updated to reflect changes in products, deployment models, app functionality, security practices, technologies, legal requirements, or business operations.

Last updated: