Privacy Policy
Sphior Ledger for Jira
This Privacy Policy explains how Sphior ("we", "us", "our") handles data when you use Sphior Ledger for Jira (the "App"), distributed via the Atlassian Marketplace and installed into your Jira Cloud instance.
1. Who we are
Sphior is the publisher of Sphior Ledger for Jira. Contact: support@sphior.com. Website: https://ledger.sphior.com
2. Architecture summary — "Runs on Atlassian"
Sphior Ledger is built on Atlassian Forge and is eligible for Atlassian's Runs on Atlassian program. The App does not transmit any of your data to servers outside the Atlassian Cloud infrastructure. All processing happens inside Forge Functions running in Atlassian's managed runtime. All persistent data is stored exclusively in Forge Storage, which lives inside your Atlassian tenant. The App declares zero outbound network egress in its manifest.
3. Data we process
The App reads, hashes, and stores Jira configuration metadata for the purpose of providing change tracking, blast-radius analysis, and audit evidence. Specifically: workflows and workflow schemes; permission schemes; custom field definitions (definitions only — not issue field values); project and screen metadata (used for the dependency graph); Jira audit-log entries (used for best-effort attribution of changes to a user account ID, only on Standard, Premium, or Enterprise Jira). The App also stores a SHA-256 hash chain of the above records to provide tamper-evidence of the audit ledger.
4. Data we do NOT process
We do not read issue contents, comments, attachments, or any end-user-generated content in Jira. We do not collect telemetry, analytics, or usage metrics. We do not sell, share, or otherwise disclose any data to third parties. The App has no third-party sub-processors. We do not store personally identifiable information beyond the Atlassian account IDs returned by the Jira audit log API, which are necessary to attribute configuration changes to operators.
5. Where data is stored
All data captured by the App is stored in Forge Storage (provided by Atlassian) inside your tenant. We, as the App publisher, do not operate any external database, backup system, or analytics pipeline. We have no direct read access to your stored data.
6. Data retention
The App provides an operator-configurable retention policy (default: 30 days for unprotected snapshots). Old snapshots are deleted automatically. Log entries are retained for the full retention window for tamper evidence. Operators may flag specific snapshots as "protected" to exempt them from retention. When the App is uninstalled, Atlassian deletes all Forge Storage data associated with the installation according to Atlassian's standard data lifecycle.
7. Sub-processors
None. The App relies exclusively on Atlassian Forge infrastructure. Atlassian's privacy practices apply to all data stored in Forge Storage — see https://www.atlassian.com/legal/privacy-policy.
8. Security
All data in transit between the App and the Jira REST API travels over TLS and stays within Atlassian's infrastructure. The App requests the minimum scopes needed for its declared functionality; see the in-app onboarding screen for a breakdown of those scopes. The App is subject to Atlassian's Marketplace security review.
9. International transfers
Because all data remains within the Atlassian Cloud infrastructure serving your tenant, no international transfer is performed by us. Refer to Atlassian's Privacy Policy for details on how Atlassian itself handles regional data residency.
10. Your rights (GDPR / CCPA)
If you are subject to GDPR, CCPA, or similar regulations, you have the right to access, correct, and delete the data the App stores about you. Because the App holds only Atlassian account IDs (already accessible to you within Jira), most rights can be exercised directly within Jira. To request deletion of the App's stored data, uninstall the App; all data is deleted automatically. For other inquiries, contact support@sphior.com.
11. Children
The App is not intended for use by individuals under the age of 16.
12. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top of this page will reflect any change. Material changes will be announced in the App's Marketplace listing.
13. Contact
support@sphior.com
Last updated: 2026-06-14
