Privacy Policy

Last updated: March 21, 2026

This Privacy Policy describes how Pogolli ("we", "us", "our") handles data in connection with Customata and any other applications ("Apps") we publish on the Atlassian Marketplace. We are committed to protecting your privacy and being transparent about our data practices.

Summary: Our Apps run entirely on Atlassian Forge. We do not operate external servers. All application data is stored within Atlassian's infrastructure. We do not sell, rent, or share your data with third parties.

1. Data We Access

Our Apps access data within your Atlassian instance as needed to provide their functionality. Depending on the App and your configuration, this may include:

Jira issue data (fields, status, priority, assignee, comments)
Project and board configuration
User information (display name, email address, account ID) as provided by Atlassian APIs
Automation rule configurations and execution context

We access only the data necessary for the App's functionality, as defined by the API scopes declared in our Forge manifest.

2. Data Storage

All data generated or stored by our Apps is kept within Atlassian's infrastructure using Forge-hosted storage (Key-Value Store and/or Forge SQL). This includes playbook configurations, execution logs, user preferences, and encrypted secrets.

Data type	Storage location
Playbook definitions	Forge Storage (Atlassian-hosted)
Execution logs	Forge Storage (Atlassian-hosted)
User preferences	Forge Storage (Atlassian-hosted)
Secrets / API tokens	Forge Storage (Atlassian-hosted, encrypted)

We do not operate external servers, databases, or any infrastructure outside of Atlassian's platform.

3. Data Shared with External Services

Customata includes a Web Request node that allows administrators to configure outbound HTTP requests to external services. When this feature is used:

The destination URL and request payload are configured entirely by the Jira administrator
We do not control or monitor the external endpoints chosen by the administrator
Data sent to external services is determined by the playbook configuration created by the administrator
No data is sent to external services without explicit configuration by the administrator

Important: If you use the Web Request node, you are responsible for ensuring that the external services you connect to comply with your organization's data governance, privacy, and security policies.

4. Data We Do Not Collect

We do not:

Collect or store personal data on our own servers
Use analytics or tracking services within our Apps
Sell, rent, or share user data with third parties
Use your data for advertising or marketing purposes
Train AI or machine learning models on your data

5. Data Residency

Because our Apps use Forge-hosted storage, data residency is managed by Atlassian in accordance with their data residency policies. For information about where your data is stored, please refer to Atlassian's Data Residency documentation.

6. Data Retention and Deletion

Application data stored in Forge Storage persists for the duration of the App installation. When the App is uninstalled from your Atlassian site, all associated data in Forge Storage is deleted in accordance with Atlassian's data retention policies. If you need specific data deleted prior to uninstallation, please contact us.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal data, including:

Access: Request information about what data we process
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data
Portability: Request a copy of your data in a portable format
Objection: Object to certain types of data processing

Since all data is stored within Atlassian's infrastructure and we do not maintain external copies, most data management actions can be performed directly within your Atlassian instance. For any requests related to your rights, please contact us at support@pogolli.com.

8. Security

Our Apps benefit from the security measures provided by the Atlassian Forge platform, including tenant isolation, restricted API scopes, and encrypted storage. We follow secure development practices and keep our dependencies up to date. For more information about Forge security, see Atlassian's Forge security documentation.

9. Children's Privacy

Our Apps are designed for use by businesses and professionals. We do not knowingly collect personal information from children under the age of 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.

Contact

For privacy-related questions or data requests, please contact us:

Email: support@pogolli.com

Security: security@pogolli.com

Web: pogolli.com