Privacy Policy

1. Who We Are

MyStatement, Inc. ("we", "us", "our") is the provider of the Sign for Jira app (the "App") listed on the Atlassian Marketplace. This Privacy Policy explains how we process personal data in connection with the App and our website.

2. Role Under GDPR

When an organization installs and uses the App in its Atlassian Cloud site, that organization is the Data Controller. We act as a Data Processor (or service provider) and process personal data only on the Controller's documented instructions.

3. Data We Process via the App

To provide the App's functionality, we may process the following categories of data:

• Atlassian account identifiers (e.g. accountId, display name)
• Signature and audit data (who signed, when, on which Jira issue, and the reason)
• Configuration data related to signature policies and access control
• Technical logs and metadata necessary for security, support, and troubleshooting

We do not store or have access to your Atlassian passwords. Signing PINs (if used) are stored only as hashed values using secure, Forge-backed storage.

4. Data We Process via Our Website

When you visit our website, we may collect basic technical information (such as IP address, browser type, and pages visited) to operate and secure the site. If you contact us, we process the information you provide (such as name, email, and message) to respond to your request.

5. Legal Bases

Where applicable, we rely on the following legal bases:

• Performance of a contract (providing the App to your organization)
• Legitimate interests (ensuring security, preventing abuse, improving reliability)
• Compliance with legal obligations

6. How and Where Data Is Processed

The App is built on Atlassian Forge. All core processing and storage occur within Atlassian's cloud infrastructure, subject to Atlassian's security certifications and data residency capabilities. We do not export App data to our own external servers unless strictly necessary for support or troubleshooting, and then only with your consent.

7. Sub-processors

The primary sub-processor is Atlassian, which provides the Forge platform. Additional sub-processors (if any) used for monitoring or support will offer appropriate data protection safeguards and can be disclosed upon request.

8. Data Retention

We retain personal data processed via the App for as long as the App is installed in your Atlassian site and for a short period thereafter for backup and audit purposes. When you uninstall the App, we delete or anonymize related data within a commercially reasonable timeframe, typically within 30 days.

9. Data Subject Rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. As we act as a Processor, requests should generally be directed to your Atlassian site administrator (the Controller). We will support the Controller in responding to such requests where required.

10. International Transfers

Where data is transferred outside of your jurisdiction by Atlassian or our sub-processors, such transfers are protected by appropriate safeguards (such as Standard Contractual Clauses) as provided by those providers.

11. Security

We apply appropriate technical and organizational measures, including encryption, access control, and audit logging, to protect personal data processed by the App. For more information, see our Cloud Security Statement.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates the latest version. Material changes will be communicated via our website or Marketplace listing.

13. Contact