The conditions governing access to our website and engagement with our services.

‍1. Introduction

‍

This Privacy Policy explains how AIVERY LABS PTY LTD (ABN 89 696 967 209 / ACN 696 967 209), a company incorporated in Western Australia, Australia (“we”, “us”, “our”, or “Aivery Labs”), collects, uses, stores, discloses, and protects personal information in connection with the following Atlassian Marketplace apps (together, the “Apps”):

• Support Intelligence — a Jira Cloud add-on that uses AI to analyse the summary, description, and reporter-authored comments of Jira tickets to surface escalation risk, churn signals, sentiment, and complaint categorisation.
• Org Intelligence — a Jira Cloud add-on that manages an internal org chart and routes approval workflows automatically based on that chart.

When we collect, receive, store, and use your personal information, we do so in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), and the Atlassian Marketplace Partner Agreement and Data Privacy Guidelines for Developers.

In short: we collect only what each App needs to function, we minimise what is sent outside Atlassian's infrastructure, and we do not sell, rent, or trade your data.

Each App has different data-handling characteristics. Where a section applies to only one App, this is called out explicitly. Where no App is named, the provision applies to both.

‍

2. About the Apps

‍

2.1 Support Intelligence

‍

Support Intelligence automatically analyses customer support activity based on three specific Jira ticket fields: the ticket summary, the description, and comments authored by the ticket reporter (i.e., the customer who raised the ticket). The App does not read agent-authored replies, internal-only comments, attachments, custom fields, worklogs, linked issues, or any other Jira content. The add-on uses third-party AI models to classify escalation risk, detect churn signals, assess sentiment, and categorise complaints, providing Jira administrators and agents with a real-time analytics dashboard.

Key features include:

• Automated escalation risk scoring, sentiment analysis, churn signal detection, and complaint categorisation based on the ticket summary, description, and reporter-authored comments, using Anthropic Claude.
• Translation of AI-generated output fields (frustration source, escalation signals) into the ticket's original language using OpenAI GPT-4o mini.
• AI-assisted reply suggestions for agents, generated by Anthropic Claude using previously analysed data stored in Forge SQL, and surfaced via the Atlassian Rovo Agent add-on. No ticket summary, description, or reporter-authored comment text is re-sent to Anthropic at the time of reply generation.
• Analytics dashboard displaying escalation trends, churn risk, sentiment trajectories, and ticket-level insights.
• Persistent data storage via Atlassian Forge SQL for analytics and reporting.
• Data backup and export capabilities accessible to Jira site administrators.

‍

2.2 Org Intelligence

‍

Org Intelligence helps an organisation maintain an internal org chart and route approval workflows automatically based on that chart. Key features include:

• Centralised org chart with member profiles, manager relationships, departments, and job titles.
• Approval rules scoped globally or per-project, evaluated against Jira issue events.
• Automatic assignment of approvers to user-picker fields based on the org chart.
• Audit log of administrative actions and rule-engine events.
• A Rovo agent that answers natural-language questions about the org chart and approval rules using Atlassian Intelligence.
• All App data persisted exclusively in Atlassian Forge SQL and Forge Storage within the customer's Atlassian tenant.

3. Personal Information We Collect

‍

We collect only the data each App needs to perform its stated functions. Everything listed here originates from your Jira Cloud instance.

‍

3.1 Common to both Apps

‍

• Your Jira account ID and display name.
• Your Jira account role (e.g., agent, reporter, administrator) and relevant Jira permissions.
• Your email address where it is exposed by Atlassian's identity APIs.

‍

3.2 Support Intelligence — additional data collected

‍

• The text of three specific Jira ticket fields: the ticket summary, the description, and comments authored by the ticket reporter. This text may contain personal data about the reporter or third parties. The App does not read agent-authored replies, internal-only comments, attachments, custom fields, worklogs, linked issues, or any other fields.
• AI-derived analytical data generated from the ticket summary, description, and reporter-authored comments, including escalation risk scores, sentiment trajectories, churn signal indicators, churn risk scores (0–1 scale), frustration source classifications, and complaint categories.
• Any other personal information provided directly or indirectly through your use of the App.

‍

3.3 Org Intelligence — additional data collected

‍

• Jira user profiles — display name, accountId, email address, active/inactive status, avatar URL. Used to populate the org chart and resolve approvers.
• Jira issues — issue key, project, issue type, status, reporter, assignee, and the contents of any field referenced in your approval rules (typically priority, labels, custom fields). The App reads issues to evaluate approval rules; it writes only to the user-picker fields you have configured as “approver fields”.
• Jira projects and fields — project keys/names and the catalogue of available custom fields. Used to populate dropdowns when admins create rules.
• Org chart entries — for each member: Jira accountId, email, display name, manager reference, department, job title, active status, and avatar URL.
• Approval rules — name, scope (global / project), JQL filter, approver field reference, approver chain definition, priority, active flag, timestamps.
• Approval assignments — issue key, rule reference, assigned approver's accountId, status (pending / resolved), and timestamps.
• Audit log — actor accountId, action name, target reference, project key (if applicable), timestamp, and a small JSON detail blob. Rule-engine events are auto-pruned at 1,000 entries; administrative events are retained while the App is installed.

‍

3.4 What we do NOT collect

‍

Across both Apps, we do not collect:

• IP addresses, browser fingerprints, geolocation, or behavioural analytics about how individual users navigate the App's UI.
• Data from Jira projects where the relevant App has not been enabled or configured.
• Any data from third-party analytics, tracking, or advertising platforms — we do not integrate any.

Support Intelligence specifically does not send to any AI provider: agent-authored ticket replies, internal-only comments, ticket attachments, custom fields, worklogs, linked issues, change history, or any Jira data outside the ticket summary, description, and reporter-authored comments.

Org Intelligence specifically does not collect or scan issue descriptions, comments, or attachments beyond the specific fields needed to evaluate your configured approval rules.

‍

4. How We Use Personal Information

‍

We collect, hold, use and disclose personal information for the following purposes:

• To provide each App and its features, including AI-powered analysis of the ticket summary, description, and reporter-authored comments (Support Intelligence), and automatic approval routing (Org Intelligence).
• To generate escalation risk scores, sentiment assessments, churn signal detections, and complaint category classifications (Support Intelligence).
• To build and display the org chart, evaluate approval rules, resolve and write approvers, and post explanatory comments on issues (Org Intelligence).
• To power analytics dashboards, produce escalation and churn trend reports, and provide audit logs to administrators.
• To support AI-assisted reply suggestions (Support Intelligence) and Rovo-agent responses (Org Intelligence).
• To enforce each App's permission model and license gating.
• To contact and communicate with you regarding the Apps.
• For internal record keeping, diagnostics, product improvement, and business development.
• To comply with our legal obligations and resolve disputes.

We do not use your data for advertising, training AI models, profiling, or any purpose unrelated to each App's stated functionality.

‍

5. Third-Party AI Processing (Support Intelligence)

‍

Support Intelligence uses third-party AI models to analyse three specific Jira ticket fields: the ticket summary, the description, and comments authored by the ticket reporter. Agent-authored replies, internal-only comments, attachments, custom fields, worklogs, linked issues, and all other Jira data are never sent to any AI provider. When a ticket is created or a reporter comment is submitted in Jira, the text of these fields may be sent to one or more of the following AI services for processing:

• Anthropic (Claude Haiku): Used for escalation risk classification, sentiment analysis, churn signal detection, complaint categorisation, and AI-assisted reply generation. Reply suggestions are generated using pre-analysed data stored in Forge SQL — no ticket summary, description, or reporter-authored comment text is re-sent to Anthropic at the time of reply generation.
• OpenAI (GPT-4o mini): Used solely to translate AI-generated output fields (frustration source and escalation signals) into the ticket's original language. Ticket summary, description, and reporter-authored comment text are not sent to OpenAI.

The text sent to AI providers (the ticket summary, description, and reporter-authored comments) may include personal data. We only transmit the minimum information required for the analysis. Under the API terms we rely on with Anthropic and OpenAI, customer inputs and outputs are not used to train their generally available models. Each AI provider processes data in accordance with its own data processing agreement and privacy policy; current versions are available on request.

By installing Support Intelligence, Jira administrators acknowledge that the ticket summary, description, and reporter-authored comments (which may include personal data of the reporter or third parties referenced in those fields) will be processed by these AI services.

Org Intelligence does not use any non-Atlassian AI provider. Its Rovo agent is powered exclusively by Atlassian Intelligence — see Section 7.

‍

6. Data Storage

‍

6.1 Where data is stored

‍

All App data — including Support Intelligence analytical outputs and Org Intelligence org chart entries, rules, assignments, and audit logs — is stored in Atlassian Forge SQL and Forge Storage, managed services provided within the Atlassian Forge platform. This data remains within Atlassian's cloud infrastructure inside your tenant boundary.

We do not maintain any external database, server, or backup outside Atlassian's infrastructure. No data is transferred to systems controlled by Aivery Labs except via the Forge developer console when you have explicitly asked us to investigate a support issue.

‍

6.2 Data residency

‍

Atlassian determines the physical region where your Forge data resides, based on your Atlassian Cloud subscription and any data-residency commitments Atlassian has made to you. The Apps inherit that residency without modification. See Atlassian's Cloud Hosting Infrastructure and Data Residency documentation for the current regions and policies.

‍

6.3 Retention

‍

• While the App is installed: data is retained as long as it is needed for the App to function.
• Support Intelligence customer profiles and ticket analysis data persist after a ticket is resolved. Data is retained for as long as the App remains installed or until deleted by a site administrator.
• Org Intelligence audit log — administrative events (rule changes, member changes, CSV imports) are retained without auto-pruning. Rule-engine events (per-issue evaluations) are auto-pruned to the most recent 1,000 entries.
• Approval assignments are kept for the lifetime of the underlying issue, marked resolved when the issue closes (Org Intelligence).
• Org chart and rules are kept until you delete them through the App UI (Org Intelligence).

‍

6.4 On uninstall

‍

When an App is uninstalled from your Jira instance, Atlassian Forge automatically deletes all of that App's tenant-scoped data within the platform's standard deletion window (typically up to 30 days) in accordance with the Forge data lifecycle. We do not retain any copy of this data outside Atlassian's infrastructure. If you require explicit confirmation of deletion or expedited deletion for a compliance requirement, contact us using the details in Section 13.

Backup exports produced by administrators through the Support Intelligence admin interface are the responsibility of those administrators once downloaded.

‍

7. Third-Party Services and Disclosure

‍

The Apps interact with exactly the external services listed below. There are no others. We may also disclose personal information to our own employees, contractors, professional advisors, related entities, courts, regulatory authorities and law enforcement as required by law, and any successor entity if our business or assets are transferred.

‍

‍

‍

‍

We do not sell your data. We do not integrate with Google Analytics, Sentry, Mixpanel, marketing platforms, advertising networks, or payment processors (billing is handled entirely by Atlassian Marketplace).

Where we disclose personal information to third parties, we require them to handle it in accordance with applicable privacy laws and, where relevant, in compliance with the GDPR and the Australian Privacy Principles. Some third parties may store or process data outside Australia or the European Union.

‍

8. Our Role under the GDPR

‍

8.1 Where we act as a data controller

‍

We act as a data controller for personal information that we determine the purposes and means of processing — for example, account data you provide directly for support and communications with us. If you are a person whose personal data we control, your personal data will:

• Be processed lawfully, fairly and transparently.
• Only be collected for the specific purposes identified in this Privacy Policy.
• Be limited to what is necessary for those purposes.
• Be kept accurate and up to date where possible.
• Be retained only for as long as necessary.
• Be processed securely, with protection against unauthorised access and accidental loss or damage.

‍

8.2 Where we act as a data processor

‍

For personal data contained in content processed by the Apps on behalf of our customers (for example, personal data inside Jira tickets analysed by Support Intelligence, or Jira user profiles indexed by Org Intelligence), our customer is the data controller and we act as a data processor. In that capacity, we will:

• Only process personal information on the written instructions of the controller (which include the instructions embedded in the Apps' configuration and the Atlassian Marketplace End User Agreement).
• Not engage sub-processors without prior written authorisation from the data controller. The sub-processors authorised under this policy are listed in Section 7 (Atlassian, and for Support Intelligence only: Anthropic and OpenAI).
• Cooperate with supervisory authorities as required by law.
• Maintain security of processing (see Section 10).
• Keep records of processing activities.
• Notify the data controller of any personal data breaches without undue delay, and in any event within 72 hours of becoming aware of the breach.

‍

8.3 International transfers

‍

We are incorporated in Australia, and Atlassian's Forge platform may host your data in various regions (see Section 6.2). Where personal data of EEA, UK, or Swiss residents is transferred outside those jurisdictions, we rely on an adequate transfer mechanism as required by the GDPR — including, where applicable, the EU Standard Contractual Clauses. Customers who require a signed Data Processing Addendum (DPA) consistent with Article 28 GDPR may request one using the contact details in Section 13.

‍

9. Your Rights and Controls

‍

Subject to applicable law, you have the following rights with respect to your personal information. For Jira data processed on behalf of a customer, please raise these requests with the customer (the data controller) in the first instance; we will assist them as required.

• Choice and consent: By installing and using each App, you consent to the collection, holding, use and disclosure of your personal information as described in this Privacy Policy.
• Access and portability: You may request a copy of the personal information we hold about you, where possible in a machine-readable format. Site administrators can also export data directly through the Apps' admin interfaces (CSV for Org Intelligence audit log; export/backup for Support Intelligence analytical data).
• Correction: If you believe information we hold is inaccurate or incomplete, please contact us and we will take reasonable steps to correct it. Administrators can edit org chart entries, rules, and members directly through Org Intelligence.
• Restriction: You may request that we limit how we process your personal information. We will inform you of any impact on your use of an App.
• Erasure: You may ask us to erase personal information we hold about you, subject to any legal retention requirements. To remove all App data, uninstall the relevant App — Forge will delete tenant-scoped data per Section 6.4.
• Objection / withdrawal of consent: You can stop either App from processing any further data by uninstalling it.
• Complaints: If you believe we have breached the Australian Privacy Principles or the GDPR, please contact us using Section 13. EU/EEA residents may also lodge a complaint with their national supervisory authority. Australian residents may contact the Office of the Australian Information Commissioner (OAIC).
• Unsubscribe: To opt out of marketing communications, contact us using the details in Section 13 or use the opt-out link in our emails.

We will acknowledge receipt of any privacy request within 5 business days and respond substantively within 30 days, unless a longer period is justified by the complexity of the request.

‍

10. Security Measures

‍

We are committed to protecting the personal information we collect and have implemented suitable physical, electronic, and managerial safeguards — including pseudonymisation and encryption where appropriate — to protect against misuse, interference, loss, and unauthorised access, modification, or disclosure.

Both Apps rely on the Atlassian Forge platform's security model:

• Hosting and isolation. App code runs inside Atlassian's Forge runtime, isolated per tenant. Code, secrets, and stored data are never shared across tenants.
• Encryption. All data is encrypted in transit (TLS) and at rest by Atlassian's storage layer. We do not manage encryption keys.
• Authentication and authorisation. All API calls inherit Atlassian's authentication. Each App can only act with the scopes declared in its manifest. Every administrative action is permission-checked against your existing Jira admin model. The Apps do not bypass or extend Jira's permission system.
• License gating. When an App's subscription is inactive, operations are blocked with a clear error message — no data is modified or exfiltrated.
• No credentials stored. The Apps do not store API tokens, passwords, or any secret credentials. Authentication is handled entirely by Atlassian.

For Atlassian's broader security posture (SOC 2, ISO 27001, penetration testing, vulnerability disclosure programme), see the Atlassian Trust Center. We cannot guarantee the security of information transmitted over the internet; such transmission is carried out at your own risk.

‍

11. Links to Other Websites

‍

Our documentation, Marketplace listings, or App UIs may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Those websites are not governed by this Privacy Policy.

‍

12. Changes to This Policy

‍

We may update this Privacy Policy as the Apps evolve or as legal requirements change.

• Material changes (e.g. adding a new third-party service, or changing how data is used) will be communicated via an update to each App's Atlassian Marketplace listing, a note on the App's documentation page, and — for installed customers — a notification through the App's admin UI on the next sign-in following the change.
• Non-material changes (typo fixes, formatting, clarifications) are reflected in the “Last Updated” date at the top of this document.

Any amended Privacy Policy is effective once we notify you of the change.

‍

13. Contact Us

‍

For any privacy questions, data subject requests, or to report a concern regarding either App:

• AIVERY LABS PTY LTD — ABN 89 696 967 209 / ACN 696 967 209, incorporated in Western Australia, Australia
• Email: support@aiverylabs.com

This policy describes how our Apps handle data. It does not replace or modify Atlassian's own Privacy Policy, which separately governs the underlying Jira Cloud and Forge platform.