Privacy Policy

This Privacy Policy applies to the AI Test Studio for Jira Cloud Atlassian Marketplace app and related backend services used to operate the app. It is intended to describe how data is processed when the app is installed and used in Jira Cloud. This page is the privacy notice for the app itself, not a general website marketing notice.

1. Scope of this Privacy Policy

The app allows users to generate AI-assisted test cases, Gherkin scenarios, and related outputs from Jira issue content. The app may also interact with optional third-party test management tools such as Xray Cloud and Zephyr Scale when those integrations are enabled by the customer.

2. Data we process

Depending on how the app is used, we may process the following categories of data:

• Jira issue content: issue summary, issue description, and optional additional context provided through the app.
• Attachments: issue attachments and, where supported, extracted text or image content needed for AI generation.
• Generated outputs: generated test cases, Gherkin scenarios, steps, descriptions, labels, and similar output content.
• Installation and service metadata: Jira Cloud site identifier (cloudId / cloud_id), app environment data, timestamps, model usage metadata, token counts, and operational status information.
• Configuration data: tenant/cloud configuration, prompt configuration, and optional integration settings entered by administrators.

3. How we use data

• To receive, process, and fulfill requests made through the app.
• To generate AI-assisted outputs requested by the user.
• To write generated results back to Jira or, if configured by the customer, to connected tools such as Xray Cloud or Zephyr Scale.
• To manage licensing, trial access, service configuration, and tenant/cloud-level settings.
• To operate, secure, troubleshoot, and support the app.
• To maintain limited technical usage records such as token counts, timestamps, model information, and tool usage.

4. Data storage and retention

The app is designed to minimize persistent storage of Jira end-user content outside Atlassian products and services.

• We do not intentionally persist Jira issue content or attachments outside Atlassian after processing is complete, except where a customer chooses to publish generated results into Jira or connected tools.
• We do persist limited operational and configuration data, including cloud identifiers, app configuration, prompts, and technical usage metadata such as token counts, model information, and timestamps.
• Generated outputs may be stored in Jira and/or in optional connected tools such as Xray Cloud or Zephyr Scale, depending on the customer configuration and actions taken by the user.

5. AI and external processing

To provide the app functionality, the app may send necessary input data to external backend and AI services for transient processing. This may include Jira issue text, additional user-provided context, and selected attachment content where needed to generate the requested output.

We aim to send only the information required to fulfill the request and to avoid storing unnecessary end-user content after processing.

6. Sharing with third parties

We may share or transmit data only as reasonably necessary to provide the app and related services, including:

• Atlassian services, including Jira Cloud and Forge platform capabilities.
• AI providers used to generate requested outputs.
• Optional customer-enabled integrations, such as Xray Cloud and Zephyr Scale.
• Infrastructure or technical service providers involved in operating the app backend or related services.

We do not sell personal information and do not share end-user data with third parties for independent advertising purposes.

7. Logging and diagnostics

We use logging and diagnostics to operate and secure the service. Production logging is designed to minimize end-user content and avoid unnecessary storage of issue content, attachments, and similar request payload data in logs. Access to operational logs is restricted to authorized personnel.

8. International transfers

Depending on the customer configuration, selected integrations, hosting arrangements, and AI providers used, end-user data may be processed in jurisdictions outside the country or region where the customer or user is located, including outside the European Economic Area.

9. Security

We implement reasonable technical and organizational measures designed to protect data against unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure, but we take data minimization, access control, and operational security seriously.

10. Roles under privacy law

Depending on the context and applicable law, we may act as a processor or service provider when handling customer data to deliver the app functionality, and we may also act as a controller for limited business purposes such as security, billing, licensing, compliance, and service administration.

11. Customer and user rights

Customers and users may have rights under applicable privacy laws, including rights related to access, correction, deletion, objection, restriction, or data portability. Because much of the relevant content originates from Jira or connected systems, requests may need to be coordinated with the relevant customer administrator or Atlassian workspace owner.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the app, legal requirements, integrations, or operational practices. The updated version will be posted on this page with a revised effective date.

13. Contact

For privacy questions or requests related to the app, contact: contact@aiteststudio.com