Privacy Policy - Portfolio Manager

This Privacy Policy describes how Portfolio Manager ("we", "our", or "the App") collects, uses, and protects your information when you use our application integrated with Atlassian Forge platform.

By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information Provided by Atlassian/Jira

As a Forge app running within your Atlassian environment, we access only the data explicitly granted through Atlassian permissions:

Project data: Project keys, names, leads, and avatar URLs
Issue data: Issue keys, titles, statuses, assignees, and dependency links
Epic/Roadmap data: Epic titles, start/due dates, and status categories
User context: Atlassian user ID and display name (for personalization only)

1.2 Information We Do NOT Collect

✅ We do NOT collect:

Passwords, API tokens, or authentication credentials
Issue descriptions, comments, attachments, or custom field content beyond what's needed for display
Personal email addresses, phone numbers, or physical addresses
Usage analytics, tracking pixels, or third-party cookies
Data from outside your Atlassian organization

1.3 Automatically Collected Technical Data

Minimal technical information is processed temporarily to ensure app functionality:

Browser type and version (for compatibility checks)
Forge runtime environment identifiers (managed by Atlassian)
Error logs (anonymized, retained max 30 days for debugging)

2. How We Use Your Information

We use the collected data solely to provide and improve the App's core functionality:

Display portfolio views: Render projects, dependencies, and roadmap timelines
Enable filtering & search: Allow you to filter by project, lead, or dependency type
Support real-time updates: Refresh stats when Jira issues change (via Forge events)
Maintain app state: Preserve your selected filters and tab preferences during your session
Ensure security: Validate permissions and prevent unauthorized data access

We do not: sell, rent, trade, or monetize your data in any way.

3. Data Storage & Security

3.1 Where Data Is Processed

Client-side: All data rendering occurs in your browser. No portfolio data is stored permanently on our servers.
Atlassian Forge: Temporary caching may occur within Atlassian's secure infrastructure per their Privacy Policy.
No external databases: We do not maintain independent databases containing your Jira data.

3.2 Security Measures

✅ All communication uses HTTPS/TLS encryption
✅ Forge sandbox isolation prevents cross-tenant data access
✅ Principle of least privilege: App requests only required Atlassian scopes
✅ Regular security reviews and dependency updates
✅ No logging of sensitive issue content or user identifiers

4. Data Sharing & Third Parties

We do not share your Jira data with any third parties.

The only external service involved is the Atlassian Forge platform, which hosts and runs the app. Atlassian's data handling practices are governed by their own privacy policy and enterprise agreements.

We do not integrate with analytics services (Google Analytics, Mixpanel, etc.), advertising networks, or data brokers.

5. Your Rights & Choices

5.1 Access & Control

View your data: All data displayed in the App comes directly from your Jira instance. You control what projects/issues are visible via Jira permissions.
Revoke access: Remove the App anytime via Atlassian Admin → Apps → Manage apps. All cached session data is immediately cleared.
Data portability: Export portfolio views using your browser's print/save functionality or Jira's native export tools.

5.2 Regional Rights (GDPR/CCPA)

If you are in the European Economic Area, California, or other regions with data protection laws, you may have additional rights including:

Right to access, correct, or delete personal data
Right to restrict or object to processing
Right to data portability

Since we process minimal personal data and act only as a viewer for your Jira content, most requests should be directed to your Atlassian organization administrator. For App-specific inquiries, contact us below.

6. Children's Privacy

The App is not directed to individuals under 16. We do not knowingly collect information from children. If you believe a minor has provided data through your Jira instance, please contact your Atlassian administrator.

7. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted here with a revised "Last Updated" date. Material changes will be communicated via:

In-app notification banner
Atlassian Marketplace listing update
Email to registered app administrators (if contact info is provided)

Continued use of the App after changes constitutes acceptance of the updated policy.

8. Contact Us

For questions about this Privacy Policy or the App's data practices:

Email: felixtrihardjo@gmail.com
Atlassian Marketplace: Portfolio Manager Support
Response time: We aim to respond within 5 business days.

For security vulnerabilities, please follow responsible disclosure practices and contact us directly.