Last updated: February 12, 2026
1. Introduction
This Privacy Policy describes how User Account Manager ("the App", "we", "our") collects, uses, stores, and protects information when you install and use our application available on the Atlassian Marketplace.
User Account Manager is a Forge-based application that runs entirely on Atlassian's cloud infrastructure. We do not operate any external servers or databases.
2. Information We Collect
2.1 Data Accessed (Read-Only, Not Stored)
The App reads the following data in real-time through Atlassian APIs to display it in the user interface. This data is not stored by the App:
- User display names and email addresses
- User account status (active/inactive)
- User product access and group memberships
- Organization membership details
- Project and space information
- Service desk customer and organization data
- License usage information
This data is fetched on demand and exists only in the user's browser session. Once the page is closed, this data is no longer retained by the App.
2.2 Data Stored
The App stores the following data in Atlassian Forge Storage, which is encrypted at rest and managed by Atlassian:
| Data | Purpose | Retention |
|---|---|---|
| Atlassian Admin API key | Authenticate API requests to retrieve organization data | Until manually deleted by the administrator |
| Inactivity warning thresholds | App configuration settings per product | Until manually changed or deleted |
| Protected email whitelist | Prevent accidental modification of specified accounts | Until manually changed or deleted |
| Audit logs | Record administrative actions performed through the App | Until application uninstall |
2.3 Audit Log Contents
When an administrator performs an action through the App (such as deactivating a user account or revoking product access), the following information is recorded in the audit log:
- Timestamp of the action
- Account ID of the administrator who performed the action
- Account ID of the affected user
- Type of action performed
- Status of the action (success or error)
- Relevant details (product name, error messages)
3. How We Use Information
The information accessed and stored by the App is used exclusively to:
- Display user and license management dashboards
- Enable administrators to manage user accounts, product access, and group memberships
- Provide audit trails for compliance and accountability
- Configure application settings and thresholds
We do not use any data for:
- Advertising or marketing purposes
- Analytics or profiling
- Training machine learning models
- Any purpose unrelated to the App's core functionality
4. Data Storage and Security
4.1 Infrastructure
The App is built on Atlassian Forge, a serverless platform hosted and managed by Atlassian. All data processing and storage occurs within Atlassian's cloud infrastructure.
- No external servers: The App does not transmit data to, or store data on, any third-party servers or infrastructure outside of Atlassian's platform.
- Forge Storage: All persistent data is stored in Atlassian Forge Storage.
- No local storage: The App does not use browser local storage, cookies, or session storage to persist user data.
4.2 Encryption
- At rest: Data stored in Forge Storage is encrypted at rest by Atlassian using industry-standard encryption (AES-256 or equivalent).
- In transit: All communications between the App and Atlassian APIs use HTTPS/TLS encryption.
4.3 API Key Security
The Atlassian Admin API key provided by the administrator is:
- Stored securely in Forge Storage (backend only)
- Never exposed to the frontend or browser
- Never transmitted to external services
- Displayed as a masked value in the user interface
4.4 Access Control
Access to the App and all its functions is restricted to Jira organisation administrators, enforced by Atlassian's jira:adminPage module at the platform level. Non-administrator users cannot access, view, or invoke any functionality of the App.
5. Data Sharing
We do not share, sell, rent, or disclose any data collected or accessed by the App to any third parties.
The only external API communication is between the App's backend (running on Forge) and the Atlassian Admin API (api.atlassian.com) to retrieve organization-level user data. This communication stays within Atlassian's ecosystem.
6. Data Retention
- Dynamic data (user lists, group memberships, etc.): Not retained. Fetched on demand and discarded when the session ends.
- Configuration data (API key, thresholds, whitelist): Retained until the administrator manually deletes or modifies it.
- Audit logs: Retained until the administrator manually deletes them through the App's interface.
7. Data Deletion
Administrators can delete all stored data at any time:
- Configuration settings: Can be deleted from the Settings tab
- Full deletion: Uninstalling the App from the Atlassian instance removes all associated Forge Storage data
8. Data Export
The App provides CSV export functionality for:
- User lists with account details
- Audit logs
These exports are generated client-side in the administrator's browser and are not transmitted through or stored on any server.
9. GDPR Compliance
The App is designed with GDPR compliance in mind:
- Data minimization: We only access data necessary for the App's functionality
- Purpose limitation: Data is used solely for user management purposes
- Storage limitation: No data is retained beyond what is necessary
- Right to erasure: Administrators can delete all stored data at any time
- Data portability: Audit logs and user data can be exported as CSV
- Security: All data remains within Atlassian's encrypted infrastructure
9.1 Data Processor
As a Forge application, the App operates as a data processor within Atlassian's infrastructure. Atlassian acts as the sub-processor for data storage and infrastructure security. The customer (the organization that installs the App) remains the data controller.
10. International Data Transfers
The App does not independently transfer data across borders. Data residency is determined by the customer's Atlassian Cloud instance configuration and Atlassian's data residency policies.
11. Children's Privacy
The App is designed for business use by Atlassian administrators and is not intended for use by children under 16 years of age.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last updated" date at the top of this document. We encourage users to review this Privacy Policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or the App's data practices, please contact us:
Open a Support Ticket