App Privacy Policy

App Privacy Policy

Last updated: 2026-01-15

This Privacy Policy explains how WojTech Solutions Ltd (“we”, “our”, or “us”) collects, uses, and protects personal data when you use the DevPulseIQ application (“App”). By installing or using the App, you agree to the practices described in this policy.

1. Information We Collect

When you use the App, we may collect the following information:

  • Atlassian account information – account ID as provided by Atlassian APIs, and a user name derived from the display name. Depending on your configuration, we may store either initials (e.g., “John Doe” → “JD”) or the full name. We do not store email addresses.
  • Project and issue data – Jira project configuration, field names, and issue metadata necessary to provide the App’s features. This includes generating analytics, dashboards, insights, benchmarks, and any future features that align with the App’s overall purpose of helping teams understand, track, and improve their delivery performance.
  • Usage data – metrics about how the App is used, such as feature usage patterns (e.g., dashboard views, clicks on features, configuration changes), error logs, and performance data. For internal service improvement, this may include pseudonymised identifiers such as account ID or tenant installation ID to analyse usage patterns, troubleshoot issues, and understand feature adoption at tenant or user level.
  • Administrative action logs – when an administrative user changes configuration or performs certain actions in the App, we may record their Atlassian account ID in an audit log. This is used to display change history in the admin UI, assist with support requests, and maintain security records.
  • Support communications – information you provide when contacting us for support. Please avoid including unnecessary personal or sensitive information. If such data is provided, it will be used only to resolve your request and deleted when no longer required.
1a. Data Categories

For clarity, we use the following data categories in this policy:

  • Customer Content – Jira data processed through the App (including project and issue data and related personal data) that you choose to make available to the App.
  • Tenant Management Data – data required to run and secure the App for a tenant, such as configuration, access control and permissions, administrative action logs, and operational usage metadata.
  • Derived & Aggregated Outputs – non-identifying statistical outputs generated from use of the App (such as benchmarks, trends, and derived metrics) that are intended not to identify individuals or organisations.
2. How We Use Your Information

We use the collected information to operate and improve the App, both for current functionality and for future features that align with the App’s stated purpose of providing delivery performance insights and analytics for Jira projects. This includes:

  • Providing and operating the App’s functionality.
  • Generating dashboards, reports, insights, benchmarks, and other analytics based on your data.
  • Developing and enhancing features, which may include new ways of analysing, visualising, or interpreting your data, as long as these remain consistent with the App’s stated purpose.
  • Monitoring and improving the App’s performance, reliability, and security.
  • Maintaining security and audit records for administrative actions, including recording the account ID of the user making the change.
  • Producing aggregated, anonymised industry benchmarks and trends for informational purposes, without including any identifiers.
  • Using optional feedback you provide to improve the product and highlight popular requests in product updates, in anonymised form.
  • Responding to your support requests.
  • Complying with legal obligations.

Derived & Aggregated Outputs: During normal operation, we may generate and use Derived & Aggregated Outputs (such as performance metrics, feature usage patterns, and benchmark results) to improve the App and provide comparative insights. Such outputs are intended to be non-identifying and, to the extent they do not constitute personal data under applicable law, are not subject to data subject rights that apply to personal data. For clarity, Derived & Aggregated Outputs may be retained and reused after Customer Content is deleted, and the intellectual property rights in those Derived & Aggregated Outputs belong to us.

You may request exclusion from anonymised benchmarking by contacting us.

3. Roles and Responsibilities

Under applicable data protection laws (including GDPR and UK GDPR), we act as a data processor for Customer Content processed through the App, on behalf of the customer who remains the data controller. This means we process Customer Content only in accordance with the customer’s instructions, as reflected by installing, configuring, and using the App. We act as a data controller for Tenant Management Data and for our own business-related data (such as billing, support communications, and website usage) and, separately, as an independent controller for Derived & Aggregated Outputs to the extent they do not constitute personal data.

Specifically:

  • Customer Content – You decide which projects and fields are synced and for what business purpose. We process the selected data in our systems (hosted in Azure, EU region) solely to provide the App’s functionality, including generating dashboards, insights, analytics, and aggregated benchmarks, in accordance with your instructions.
  • Tenant Management Data – We collect and process this data to operate, secure, and improve the App, including configuration, access controls, administrative logs, and operational usage metadata.
  • Derived & Aggregated Outputs – We may create non-identifiable statistical outputs and benchmarks across tenants. To the extent such outputs do not constitute personal data, they may be used and retained by us for product improvement and benchmarking.
  • Atlassian – Atlassian is an independent data controller for the Jira data held in its systems. We are not jointly responsible for their processing activities, and their processing is governed by their own terms and privacy policy.

Where we use third-party service providers (such as hosting providers) to process data on our behalf, those providers act as our processors and are bound by contractual obligations to protect your data.

3a. Legal Basis for Processing

We process personal data under the following lawful bases (GDPR/UK GDPR):

  • Contractual necessity – to process Jira data on your behalf and provide the App as configured by your organisation.
  • Legitimate interests – to improve the App, analyse aggregated usage, ensure performance and security, and produce anonymised benchmarks, provided these interests are not overridden by your rights and freedoms.
  • Legal obligation – to comply with applicable laws and respond to lawful requests from authorities.
4. Data Storage and Processing

DevPulseIQ is built on Atlassian Forge. Unless explicitly stated otherwise, App data is processed within Atlassian’s cloud infrastructure and is subject to Atlassian’s Cloud Terms of Service.

To provide the App’s functionality, including analytics and insights, DevPulseIQ processes selected Customer Content, configuration, and usage data in its own systems. Where such data is processed or stored outside Atlassian, it is hosted securely in Microsoft Azure within the EU region.

Support for additional regional hosting locations may be introduced in the future. This Privacy Policy will be updated if and when new regions become available.

International transfers: If any service providers are located outside the UK/EEA, we ensure appropriate safeguards are in place (such as the European Commission’s and/or UK ICO’s Standard Contractual Clauses) so that your rights are protected.

5. Data Sharing

We do not sell your personal data. We may share information only with:

  • Atlassian – as part of normal Forge app operation.
  • Service providers – for hosting, analytics, or error monitoring, bound by confidentiality and data protection obligations.
  • Authorities – if required by law or to protect our legal rights.
6. Data Retention and Automatic Cleanup

We retain synchronised issue data for as long as it is necessary to provide accurate analytics and insights for your Jira projects. This includes maintaining sufficient historical data to represent backlog and delivery trends, while the App remains actively connected to your Jira instance. Issues deleted in Jira are also removed from the App.

Deletion timelines: The deletion timelines described below are targets and may vary where technically necessary to ensure system integrity, reliability, or data consistency.

Automatic data cleanup (based on inactivity):

  • Short-term inactivity (typically within seven (7) days) – When we detect that your Jira instance has not connected to the App, we mark the tenant as inactive and typically purge synchronised ticket data for its projects within seven (7) days after the tenant becomes inactive. Configuration details remain temporarily available so that the connection can be restored without full re-setup.
  • Extended inactivity (typically within thirty-one (31) days) – If the connection remains inactive, we typically delete all remaining tenant data, including project configurations, field definitions, and analytics results, within thirty-one (31) days after the tenant becomes inactive. Only minimal audit records are retained for compliance and security purposes.

Backup retention and recoverability: After a tenant’s data is deleted, copies may remain in Azure’s standard disaster-recovery backups for up to ninety (90) days (approximately three months). Once this period elapses, the data becomes permanently unrecoverable.

For manual deletion requests outside these automated processes, please contact us via https://devpulseiq.com/contact. We will process such requests within a reasonable time.

Administrative audit logs: Audit entries linked to administrative actions may be retained for up to twelve (12) months for operational and security purposes, and are then pseudonymised or deleted unless a longer period is required for compliance.

7. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you or your organisation’s administrators without undue delay after becoming aware of it, and within any applicable legal timeframes. Notification will be made via email (where contact information is available) and/or by publishing a notice on our website or within the App’s user interface. The notification will include information on the nature of the breach, the data affected, the steps we are taking, and any recommended actions you should take.

8. Your Rights

Depending on your location, you may have rights under applicable data protection laws, including:

  • Access to the personal data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion of your personal data (“right to be forgotten”).
  • Restriction or objection to processing.
  • Data portability.

To exercise these rights, please submit a request via our contact page: https://devpulseiq.com/contact. We may require verification of your identity.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These measures include encryption in transit and at rest, restricted access controls, and regular monitoring of system security. However, no method of transmission or storage is completely secure, and we cannot guarantee uninterrupted access or error-free operation of the App.

10. Cookies and Tracking

We do not use cookies, browser storage, tracking pixels, or similar tracking technologies within the App. Usage analysis is performed solely through server-side collection of API call metadata (e.g., what was accessed, when, and by which account ID or tenant ID).

11. Children’s Privacy

The App is not intended for children under 16 years old (or the minimum age of digital consent in your country), and we do not knowingly collect personal data from them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Material changes may also be communicated via the Atlassian Marketplace listing.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact [at] devpulseiq [dot] com
Contact page: https://devpulseiq.com/contact

WojTech Solutions Ltd
Registered in England and Wales · Company No. 16713425
Registered Office:
C/O KEITH WILLIS ASSOCIATES LTD, GOTHIC HOUSE, BARKER GATE,
NOTTINGHAM, NG1 1JU, UK