Privacy Policy for Flow Metrics Charts for Jira Cloud: Data Access, Usage, and Security Measures
Last Updated: January 14, 2026
Effective Date: January 14, 2026
1. Introduction
Flow Metrics Charts for Jira Cloud ("the App", "our App", "we", "us", or "our") is an Atlassian Forge application that provides comprehensive flow metrics visualization and analysis for Jira Cloud projects. This Privacy Policy explains how we collect, use, store, and protect information when you use our App.
By installing and using Flow Metrics Charts for Jira Cloud, you agree to the terms outlined in this Privacy Policy.
2. Application Overview
Flow Metrics Charts for Jira Cloud is a serverless application built on the Atlassian Forge platform that:
Computes and visualizes lead time, cycle time, throughput, aging, and WIP (Work in Progress) metrics
Provides interactive charts and dashboards for Jira projects
Analyzes issue workflow data to generate flow metrics
Operates entirely within Atlassian's secure Forge infrastructure
3. Information We Access and Collect
3.1 Jira Data Accessed
To provide flow metrics functionality, our App accesses the following data from your Jira Cloud instance through Atlassian's APIs:
Issue Data:
Issue keys, summaries, and descriptions
Issue types, statuses, and priorities
Issue creation dates, update dates, and resolution dates
Assignees, reporters, and other user information
Custom field values
Labels and components
Project Data:
Project names, keys, and identifiers
Project configurations and settings
Workflow schemes and board configurations
Workflow Data:
Status categories and transitions
Issue changelog and history
Time spent in each workflow status
User Data:
User account IDs and display names (for filtering and attribution)
User avatars (for display purposes only)
3.2 Technical Data
Our App may collect technical information to ensure proper functionality:
Error logs and diagnostic information
App usage metrics (anonymized)
Performance data
3.3 Data We Do NOT Collect
No Personal Credentials: We never collect or store your Atlassian credentials, passwords, or API tokens
No Payment Information: All payments are processed by Atlassian Marketplace
No Third-Party Tracking: We do not use third-party analytics or advertising tools
No External Data Storage: All data processing occurs within Atlassian's Forge infrastructure
4. How We Use Your Data
We use the accessed data solely for the following purposes:
4.1 Core Functionality
Metrics Calculation: Computing lead time, cycle time, throughput, aging, and WIP metrics based on issue history
Visualization: Generating interactive charts and dashboards for flow metrics
Filtering and Analysis: Providing filtering options by project, issue type, status, assignee, and custom fields
Trend Analysis: Calculating percentiles, averages, and trends over time
4.2 Performance and Quality
Error Detection: Identifying and resolving technical issues
App Optimization: Improving performance and user experience
Support: Providing customer support and troubleshooting
4.3 Legal Compliance
Complying with applicable laws and regulations
Responding to legal requests or preventing fraud
5. Data Storage and Security
5.1 Atlassian Forge Infrastructure
Our App is built on Atlassian Forge, a secure serverless platform:
No External Servers: All code runs on Atlassian's infrastructure
Ephemeral Processing: Data is processed in memory and not persisted beyond the session
Atlassian Security: Benefits from Atlassian's enterprise-grade security measures
5.2 Data Retention
No Persistent Storage: Our App does not store your Jira data in external databases
Session Data Only: Data is loaded from Jira APIs on-demand for real-time calculation
Cache: Temporary caching may occur within Atlassian's Forge infrastructure for performance optimization (typically seconds to minutes)
Logs: Error logs and diagnostic data are retained for up to 90 days for troubleshooting purposes
5.3 Security Measures
We implement security best practices:
API Security: All API calls use secure OAuth 2.0 authentication
Encryption: Data in transit is encrypted using TLS/HTTPS
Access Control: Respects Jira's permission model; users can only see data they have permission to access
Regular Updates: Dependencies and libraries are regularly updated to address security vulnerabilities
6. Data Sharing and Third Parties
6.1 No Data Selling
We never sell, rent, or trade your data to third parties for marketing or advertising purposes.
6.2 Atlassian Services
Our App relies on Atlassian's infrastructure:
Atlassian Forge Platform: Hosts and runs our application code
Jira Cloud APIs: Provides access to your Jira data
Atlassian Marketplace: Handles app distribution and licensing
Atlassian's use of data is governed by their Privacy Policy.
6.3 Legal Requirements
We may disclose data if required by law, legal process, or to:
Comply with valid legal requests
Protect the rights, property, or safety of users
Prevent fraud or security threats
7. Your Rights and Choices
7.1 Access and Control
You maintain full control over your data:
Access: Your data remains in your Jira Cloud instance
Modification: Changes to Jira data are immediately reflected in the App
Deletion: Deleting issues or data in Jira removes it from the App's calculations
7.2 Uninstall
You can uninstall the App at any time:
Navigate to Jira Settings > Apps > Manage Apps
Find "Flow Metrics Charts for Jira Cloud" and click Uninstall
All app-related processing will immediately cease
7.3 Data Subject Rights (GDPR/CCPA)
If you are in the European Economic Area (EEA), United Kingdom, or California, you have additional rights:
Right to Access: Request information about data processing
Right to Rectification: Correct inaccurate data (via Jira)
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Limit how your data is processed
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to data processing
Right to Withdraw Consent: Opt out of data processing (by uninstalling the App)
To exercise these rights, contact us at the email address below.
8. International Data Transfers
Our App operates on Atlassian's global infrastructure. Your data may be processed in:
United States
European Union
Other regions where Atlassian maintains data centers
Atlassian implements appropriate safeguards for international data transfers, including:
Standard Contractual Clauses (SCCs)
EU-US Data Privacy Framework certification
Other lawful transfer mechanisms
9. Children's Privacy
Our App is intended for business use and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
Changes in our data practices
New features or functionality
Legal or regulatory requirements
Notification of Changes:
Updated "Last Updated" date at the top of this policy
Material changes will be announced through:
Atlassian Marketplace app listing
In-app notifications (if applicable)
Email notification to Jira administrators
Your Continued Use: Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
11. Compliance and Certifications
11.1 GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) for users in the EEA/UK:
Lawful Basis: Processing is based on consent (app installation) and legitimate interests (providing the service)
Data Minimization: We access only data necessary for flow metrics functionality
Data Protection by Design: Security measures are built into the App's architecture
11.2 CCPA Compliance
For California residents, we comply with the California Consumer Privacy Act (CCPA):
We do not sell personal information
You have the right to know what data is collected and how it's used
You have the right to request deletion of your data
11.3 SOC 2 and ISO 27001
Our App benefits from Atlassian's certifications:
Atlassian Forge infrastructure is SOC 2 Type II certified
Atlassian maintains ISO 27001 certification for information security
12. Cookies and Tracking
Our App does not use cookies or tracking technologies directly. However:
Atlassian Platform: Jira Cloud may use cookies for authentication and functionality
No Third-Party Trackers: We do not integrate Google Analytics, Facebook Pixel, or similar services
13. Support and Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@divim.io
Atlassian Marketplace: Flow Metrics Charts for Jira Cloud on the Atlassian Marketplace
Response Time: We aim to respond to all privacy inquiries within 30 days.
14. Data Processing Agreement (DPA)
For enterprise customers requiring a Data Processing Agreement:
Our App operates under Atlassian's DPA framework
Atlassian's DPA is available at: https://www.atlassian.com/legal/data-processing-addendum
For specific DPA requests, please contact us at the email above
15. Transparency Commitments
We are committed to transparency:
No Hidden Data Collection: We only access data necessary for flow metrics
Clear Permissions: All permissions requested are listed in the Atlassian Marketplace
Regular Audits: We regularly review our data practices for compliance
16. Security Incident Response
In the unlikely event of a data breach:
Immediate Investigation: We will investigate and contain the breach
Atlassian Notification: Report the incident to Atlassian
User Notification: Notify affected users within 72 hours (GDPR requirement)
Regulatory Reporting: Report to relevant authorities as required by law
Remediation: Implement measures to prevent future incidents
17. Limitation of Liability
Our App is provided "as is" without warranties. We are not liable for:
Data loss resulting from Jira Cloud platform issues
Unauthorized access to your Jira instance
Third-party actions beyond our control
18. Governing Law
This Privacy Policy is governed by:
GDPR for users in the EEA/UK
CCPA for users in California
Applicable Local Laws in your jurisdiction
For dispute resolution, users in the EEA/UK may lodge complaints with their local Data Protection Authority.
19. Forge-Specific Privacy Considerations
As an Atlassian Forge app:
Sandboxed Environment: Our App runs in an isolated, secure environment
Atlassian-Managed Infrastructure: All servers and infrastructure are managed by Atlassian
API Rate Limits: We respect Atlassian's API rate limits to ensure platform stability
Forge Permissions: We request only the minimum permissions needed:
read:jira-work- Read issue and project dataread:jira-user- Read user information for attributionstorage:app- Store app configuration (not user data)
20. Your Jira Administrator's Role
Your Jira administrator has control over:
App Installation: Installing or uninstalling the App
User Access: Managing which users can access the App
Project Access: Configuring which projects the App can analyze
Permissions: The App respects Jira's existing permission scheme
Users can only view metrics for issues they have permission to see in Jira.
Summary
What We Access: Jira issue data, workflows, and changelogs for flow metrics calculation
How We Use It: Computing and visualizing lead time, cycle time, throughput, aging, and WIP metrics
Where It's Stored: Processed in Atlassian's Forge infrastructure; no external storage
Who We Share With: No one; data is not shared outside Atlassian's platform
Your Control: Full control via Jira permissions and the ability to uninstall anytime
Questions? support@divim.io