/
Privacy policy

Privacy policy

Scope

Protecting your data and privacy is an important goal for us. This policy explains which data we are collecting, why we are collecting it, how long it will be stored and how can influence it. Please feel free to contact us in case you have any questions.

This policy is intended to precise the Atlassian's privacy policy which you read and accepted when downloading or installing a app.

Who we are - data controller

Whenever we are using "we" or "us" we mean:

Purde Software
Max-Friedlaender-Bogen 17
80339 München
Germany

Why do we collect data at all?

Collecting a certain amount of data is necessary to offer a good service for you. Please refer to the tables below to see which data we are collecting in which use case and why. In some cases we are not alone but use service provides. Those service providers have their own privacy policy - we provide links to those policies further below in this document.

The data we are collecting in our Confluence apps

Affected apps

Use case

Data collected

Reasons for data collection

Retention period

Involved third parties

Affected apps

Use case

Data collected

Reasons for data collection

Retention period

Involved third parties

All

Creating a ticket in our service portal

All data which you provide to us during the service case (your name, email address, descriptions, attachments etc.).

In order to process your service case we need some details (e.g. your contact data, the Confluence version you are using, the data of the page causing the problem etc.). Remark: the data is only visible to you and us.

We keep the details for 12 months after the ticket has been closed. This enables us to re-open the ticket in case the problem shows up again.

Atlassian

All

Contacting us via email

All data which you provide to us via email (your name, email address, descriptions, attachments etc.).

In order to process your service case we need some details (e.g. your contact data, the Confluence version you are using, the data of the page causing the problem etc.). Remark: The data is only visible to you and us.

We keep the details for 12 months after the problem has been solved. This enables us to get back to you quickly in case the problem shows up again.

GMail

All

Creating a ticket directly in the Bitbucket repository

All data which you provide to us during the service case (your name, email address, descriptions, attachments etc.).

In order to process your service case we need some details (e.g. your contact data, the Confluence version you are using, the data of the page causing the problem etc.). Additionally other users need to know which bugs have been existing in which version of the software. Remark: this data is visible to all users!

Please use the service portal in case you are worried about the mentioned facts.



We do not delete created bug reports or feature requests. They are kept for an unlimited time due to the reasons mentioned.

Please use the service portal in case you are worried about the mentioned facts.



Atlassian

All

Usage of apps

The distribution network providers such as CDNJS, jsdelivr or Google have access to your IP address when downloading the ressources.

see left

Dependent on the service provider

CDNJS, jsdelivr, Google

All Connect based cloud apps

Installation of cloud apps

The data needed to communicate with your Atlassian Cloud account. This includes e.g. AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId.

We need this data to connect our apps with Confluence cloud. Our apps are not functioning without those data.

In case you terminate the service your data will be deleted latest after 12 months.

Heroku, AWS, Logtail

All cloud apps

Usage of cloud apps

The request URL used by Atlassian to trigger our apps is stored in our logs. The request URL contains information like IP address, BaseUrl, user name, page ID etc.

We need those logging data to analyze problems and react on them properly in a timely manner.

Logging data are kept 30 calendar days and are automatically deleted after that.

Logtail, AWS

Simple Cite Server (prior to version 1.15.0)

Using the BibTeX function of Simple Cite

The commercial versions of Simple Cite uses our cloud service to render BibTeX cites. Our logs collect information like IP address, BibTeX entry to render, the requested format etc.

We need those logging data to analyze problems and react on them properly in a timely manner.

Logging data are kept of 7 calendar days and are automatically deleted after that.

Logtail

Smart Questions and Answers Cloud and Tree View Cloud

Access to email addresses

N/A

Remark: We are NOT storing email addresses. We only access them in case a notification should be send to the user via email.

N/A

N/A

N/A

Smart Questions and Answers Cloud

Access data to Slack

Access data to Slack (if used)

As a consequence of complying with Slack’s app approval criteria we need to store a copy of the access data to Slack. This is needed as Smart Questions and Answers must send a welcome message once a user opens the app’s tab.

Unlimited

AWS

Smart Questions and Answers Cloud

Providing answers

We use Tiny cloud. Tiny Technologies Inc. therefore has access to you IP address.

see left

depending on the service provider Tiny

Tiny Technologies Inc.

Smart Questions and Answers Cloud

Providing answers with AI support

In case you activated the option for AI answer support the selected service provider (currently only OpenAI) will get the title of the question and the question body.

Without providing question title and body no AI can suggest an answer.

Dependent on the service provider

OpenAI OpCo, LLC

Slack only: the data we are collecting in the Slack integration of Smart Questions and Answers for Confluence Cloud

The Slack integration functionality in Smart Questions and Answers for Confluence Cloud does NOT collect or store any data apart from the data listed below.

Topic

Logging data - the data we need to support you in case of issues

Connection data - the data the app needs to connect to Slack

Topic

Logging data - the data we need to support you in case of issues

Connection data - the data the app needs to connect to Slack

Data retention policy

Logging data is kept for 7 days in AWS (location Frankfurt)

The connection data (channel name, id and the encrypted secret) is kept as a content property inside Confluence as long as you do not delete the notification channel. This data is fully under your control - we don’t hold the data.

Data archival/removal policy

Logging data is removed after 7 days

Data storage policy

Logging data is kept for 7 days in AWS (location Frankfurt) to allow identification of issues. It is automatically deleted after that time.

Do we give your data away?

Apart from the mentioned involved third parties nobody else has access to the data. We do not give your data away.

Involved third parties policies

In the listing below you see the involved third party policies and in brackets the location of their service.

How to request a data deletion?

You may request us to delete certain data earlier than the planned retention period as shown above. Just raise a ticket our email us. Please consider that we need some data to service you.

Can I see my data stored?

Yes, you can. Just raise a ticket our email us.

Can I raise a complaint?

Yes, you can. Just raise a ticket our email us. In addition you also have the right to lodge a complaint with a supervisory authority.

You need a Data Processing Agreement for one of our Cloud apps?

You can use our template or send us yours.

Notice & Processing

How and when we give you notice

  • At installation: When you install or grant permissions to our Connect app, Atlassian’s consent dialog clearly lists the data scopes we request.

  • In‑app documentation: We link to this Privacy Policy from our app’s documentation.

  • Updates: If we make material changes to how we collect or process your data, we will post a prominent notice in the service portal and, where feasible, notify active administrators via email.

Processing details & legal basis

  • Purpose limitation: We only collect the data types listed in the “Data we collect” tables.

  • Lawful basis: Processing is necessary for the performance of our contract with you (installation, support and maintenance of the app) and to comply with legal obligations.

  • Data minimization: We do not collect any personal data beyond what is strictly required to provide the features you enable.

Openness & Data Access

How to request access, correction or deletion

  • Submit a request via our service portal (https://purde-software.atlassian.net/servicedesk/customer/portal/2) or by emailing support@purde.de.

  • What you can request:
    - Access to all personal data we hold about you
    - Correction of inaccurate data
    - Erasure (“right to be forgotten”) of data beyond our retention schedules
    - Restriction of processing or objection to certain processing activities
    - Data portability in a common machine‑readable format

Response time & escalation

  • We aim to acknowledge all requests within 5 business days and to complete them within 30 calendar days.

  • If you’re unsatisfied, you may lodge a complaint with your local supervisory authority.

International Transfers

Data hosting locations

  • All primary processing and storage takes place within the European Economic Area:

    • AWS (EU‑Central‑1, Frankfurt)

    • Heroku (EU region, Ireland)

Transfers to third‑party subprocessors

  • Some services we integrate (e.g. Betterstack/Logtail, Gmail, Atlassian, OpenAI) are located outside the EEA (primarily in the US).

  • For any transfer outside the EEA, we rely on EU Standard Contractual Clauses or equivalent safeguards implemented by those providers.

Your rights & safeguards

  • You can always request a copy of the SCCs or equivalent data‑transfer documentation from us.

  • We continuously monitor our subprocessors’ privacy commitments and will notify you of any material changes.