Legal
Privacy Policy
This Privacy Policy explains how personal data is handled by the Atlassian Forge apps distributed by AB Apps through the Atlassian Marketplace: Team Reminders for Jira, Approval Nudge for Jira Service Management, and any future AB Apps Forge app that links to this policy.
Independence. AB Apps is an independent software vendor. We are not affiliated with, endorsed by, or sponsored by Atlassian. "Jira", "Jira Service Management", and "Forge" are trademarks of Atlassian Pty Ltd.
The short version
- Our apps run entirely on Atlassian's Forge platform. Your Jira data never leaves your Atlassian instance.
- We make no external network calls from the apps and send no data to any third party.
- We store only the minimal configuration and state each app needs (reminder settings, escalation cadence, and timestamps of past reminders/nudges) in Atlassian-hosted Forge storage.
- We use no third-party analytics, advertising, or tracking — in the apps or on this website. This site sets no cookies.
- Your data stays in the data residency region of your host Atlassian product.
- When you uninstall an app, its data in Forge storage is deleted by the platform.
- We never see or store payment details — Atlassian is the merchant of record and handles all billing and tax.
1. Who we are
The AB Apps establishment responsible for these apps, and your point of contact for any privacy matter, is:
- Trading name: AB Apps
- Legal entity: AB Apps, an independent EU-based software vendor. Registered legal details are available on request via support@abapps.dev.
- Location: European Union
- Support & privacy contact: support@abapps.dev
- Website: abapps.dev
2. Roles under the GDPR
Because our apps operate inside your Atlassian products, responsibilities are shared:
- You (the Atlassian product administrator / your organisation) are the data controller of the personal data held in your Jira or Jira Service Management site — for example account identifiers, issue metadata, and approval records.
- AB Apps acts as a data processor for that data. We process it only to provide the app's functionality, only within your Atlassian environment, and only in line with each app's declared permissions.
- The apps run on the Atlassian Forge platform, which Atlassian operates and on which the app data resides. Your relationship with Atlassian, and Atlassian's own privacy and security commitments, govern that platform.
- AB Apps acts as an independent data controller only for the limited personal data you send us directly and outside the apps — for example, the contents of a support email you choose to send us (see Section 8).
3. What data our apps access, and why
Our apps request the minimum Atlassian permission scopes needed to work. They access data within your Atlassian product only and process it in real time to deliver the feature you configured. The scopes below are declared in each app's Forge manifest and shown to you before installation.
| Data accessed | Scope(s) | Why it is needed |
|---|---|---|
| Jira issue metadata (issue key, summary, assignee, status; for Approval Nudge, approval status and approver list) | read:jira-work, read:servicedesk-request |
To find the issues/requests you set reminders on, to identify due reminders, and to detect pending approvals that need a nudge or escalation. |
| Writing an issue or request comment | write:jira-work, write:servicedesk-request |
To deliver a reminder or approval nudge as a comment on the relevant issue or portal request, so the right people are notified inside your product. For Approval Nudge, an optional customer-visible portal comment can be posted (off by default). |
| Atlassian account IDs of the people involved (you, the current assignee, chosen recipients, pending approvers) | read:jira-user |
To @-mention the correct recipients and to send reminders to the current assignee or specific teammates. We use the opaque Atlassian account ID and do not build separate profiles of users. |
| App configuration and state (reminder date/time and recipients, timezone, escalation cadence and thresholds, timestamps of reminders/nudges already sent) | storage:app |
To remember what you asked the app to do, to fire reminders at the correct local time, and to avoid sending duplicate reminders/nudges. |
Team Reminders for Jira requests: read:jira-work, write:jira-work, read:jira-user, storage:app.
Approval Nudge for JSM requests those four plus read:servicedesk-request and write:servicedesk-request.
Delivery of notifications. Reminders and nudges are delivered as comments inside your Atlassian product. Any resulting email notification is generated by Atlassian's own notification system, not by AB Apps. Our apps do not send email directly and have no external email or messaging capability.
Data we do not collect. We do not collect or store passwords or credentials, payment or card data, marketing or behavioural profiles, cookies or device identifiers set by us, IP-based location, or any special-category (sensitive) personal data. We do not read issue content beyond the metadata needed for the feature, and we do not export any data outside Atlassian.
4. Where your data is stored — and no external transfers
- All app data is stored in Forge-hosted storage operated by Atlassian, within your Atlassian product's environment.
- Its storage location follows the data residency region of your host Atlassian product, as configured by your organisation with Atlassian.
- Our apps perform no external egress: no data is transmitted to AB Apps' own servers (we operate none for app data), and none is sent to any third party. Accordingly, AB Apps initiates no international transfer of your data. Any hosting or cross-region arrangements are governed by your agreement with Atlassian.
5. Subprocessors
For the apps themselves, AB Apps uses no subprocessors. The apps run on the Atlassian Forge platform you already license, and no app data is sent to AB Apps or to any analytics provider, CDN, logging service, or third-party API.
The one exception is support correspondence you choose to send us: our support inbox (support@abapps.dev) is hosted by Zoho (Zoho Corporation) on its European Union data centre. Zoho processes only the email you send us, solely to deliver and store that correspondence. For app data we use no other subprocessor; our website itself is served by a hosting/CDN provider that may process standard server-log data (such as IP addresses) transiently for security and reliability (see Section 7). If this ever changes, we will update this policy before the change takes effect.
6. Data retention and deletion
- We retain app configuration and state only while the app is installed and only as long as needed to provide the feature (for example, past-reminder timestamps used to prevent duplicate sends).
- When you uninstall an app, its data in Forge storage is removed by the Atlassian platform as part of the uninstall/cleanup process.
- We keep no independent backups of your app data outside Atlassian's platform, because no data ever leaves it.
- Support correspondence (Section 8) is retained only as long as needed to resolve your request and to meet any applicable legal record-keeping obligations, then deleted.
7. This website
This website (abapps.dev) is a set of static pages. It sets no cookies, runs no analytics, and loads no third-party scripts, fonts, or tracking pixels. We do not build a profile of visitors. Standard, transient server logs may be produced by our hosting provider for security and reliability, but we do not use them to identify or track you.
8. Support communications
If you contact us at support@abapps.dev, we receive whatever information you choose to include (such as your email address, your Atlassian site URL, and a description of the issue). We use it solely to respond to and resolve your request. Please do not send us sensitive personal data or credentials. For this correspondence AB Apps is the controller; the lawful basis is our legitimate interest in providing support (Art. 6(1)(f) GDPR) or performance of our service to you (Art. 6(1)(b)).
9. Legal bases for processing (GDPR)
Where we act as processor, we process your data on your (the controller's) documented instructions and lawful basis. Where we act as controller (support communications and running the service), our lawful bases are:
- Performance of a contract / provision of the service (Art. 6(1)(b)) — to deliver the app features you installed and configured.
- Legitimate interests (Art. 6(1)(f)) — to provide support, keep the apps working reliably, and prevent misuse, balanced against your rights.
We do not process personal data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.
10. Your rights
Subject to applicable law (including the GDPR), you may have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and to data portability.
Because our apps store data inside your own Atlassian product and we hold no independent copy — and generally cannot identify individual data subjects on our own — the most effective route for most requests is:
- Data inside the apps: contact your organisation's Atlassian administrator, who is the controller and can change configuration, remove data, or uninstall the app (which deletes the app's stored data). Atlassian can also action platform-level data-subject requests.
- Support correspondence you sent us directly: contact us at support@abapps.dev and we will action your request.
You also have the right to lodge a complaint with your local data protection supervisory authority in the EU/EEA.
11. Security
- Our apps run on Atlassian's Forge platform and inherit its platform-level security controls, tenant isolation, and hosted storage.
- We follow the principle of least privilege, requesting only the scopes listed in Section 3.
- The apps make no external network calls, which removes an entire class of data-exfiltration and third-party-breach risk.
- We store no secrets or credentials of yours; authentication and authorisation are handled by the Atlassian/Forge platform.
No method of processing is ever completely risk-free, but our "no egress, minimal storage" design is intended to keep exposure as low as possible.
12. Children's data
Our apps are business tools not directed at children and are not intended for use by anyone under the age of 16. We do not knowingly process children's personal data.
13. Changes to this policy
We may update this policy to reflect new apps, changed functionality, or legal requirements. When we do, we will revise the "Last updated" date above and, for material changes, provide reasonable notice (for example, on this website or in the Marketplace listing). Your continued use of an app after an update takes effect constitutes acceptance of the revised policy.
14. Contact
For any question about this policy or your personal data:
- AB Apps — independent EU-based software vendor (registered legal details available on request)
- Email: support@abapps.dev
- Web: abapps.dev
AB Apps is an independent developer and is not affiliated with or endorsed by Atlassian. This policy describes our current data practices in good faith; it is not legal advice.