This Privacy Policy applies to every software product distributed by UX Software — current and future — through the Atlassian Marketplace or directly. It describes the company-wide privacy practices that hold for all our products and is the document to read first when evaluating how UX Software handles personal data.
Contents
- Roles under data-protection law
- What data UX Software receives
- Why we process this data
- Subprocessors
- Where data is stored and processed
- Retention
- Data-subject rights
- International transfers
- Security
- Children
- Changes to this Policy
- Complaints
- Contact
1. Roles under data-protection law
For Products installed on a customer's Atlassian site, the customer is the data controller for the data the Product processes inside that site. UX Software acts as a data processor under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar legislation.
For data the customer voluntarily sends to UX Software (support emails, billing metadata delivered by the Atlassian Marketplace), UX Software acts as the data controller.
2. What data UX Software receives
We do not pull telemetry, analytics, or runtime data from any Product. Nothing leaves a customer's installation except as described in the Product's Data Security Statement (typically: outbound webhook deliveries to URLs the customer configures).
We receive personal data only through these channels:
- Support emails sent voluntarily by customers to support@ux-software.com. May include log excerpts, screenshots, configuration dumps that the customer chooses to attach.
- Billing and license metadata delivered to us by the Atlassian Marketplace for paid subscriptions: company name, billing contact email, Support Entitlement Number (SEN), billing period, pricing tier.
- Marketplace correspondence initiated by Atlassian (release approvals, security questionnaires, partner-program updates).
3. Why we process this data — legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Operating the Product (data processed inside the customer's site). | Performance of a contract — Art. 6(1)(b). |
| Providing technical support. | Performance of a contract — Art. 6(1)(b) and our legitimate interest in supporting customers — Art. 6(1)(f). |
| Billing and license administration via Atlassian Marketplace. | Performance of a contract — Art. 6(1)(b) and legal obligation — Art. 6(1)(c). |
| Detecting abuse or violations of the EULA. | Legitimate interest — Art. 6(1)(f). |
We do not use Product data for advertising, profiling, or re-identification. We do not sell data to third parties.
4. Subprocessors
We use a single tier of subprocessors, common to every Product:
| Subprocessor | Role | Where |
|---|---|---|
| Atlassian Pty Ltd | Hosts the Marketplace; for Cloud Products, also provides the Forge runtime, SQL/KVS storage, queues, scheduled triggers, license issuance. | The customer's Atlassian Cloud region or, for Data Center Products, the customer's own infrastructure. |
| Customer-configured third parties | For Products that send outbound traffic (e.g. webhook receivers) — endpoints chosen by the customer's administrators. | Wherever the customer's chosen receivers run. |
Atlassian's own subprocessors are out of scope of this Policy and are listed in Atlassian's subprocessor list.
A current, per-Product subprocessor inventory is maintained at /subprocessors.html. We will notify customers of material changes to this list at least 30 days in advance via the affected Product's Marketplace listing.
5. Where data is stored and processed
All persistent product data is stored within the Atlassian platform on which the product runs, in the region the customer has selected for their Atlassian instance. UX Software does not operate any servers, databases, or analytics endpoints that participate in product execution.
Specifics — exact storage subsystem, regional residency, retention windows — are described in the Data Security Statement of the product the customer is using, available on the product's Atlassian Marketplace listing.
6. Retention
- Customer-configured data inside the Product (e.g. webhook configurations, payload templates, audit logs) is retained for as long as the Product is installed, subject to per-Product configurable retention windows. See each Product's Data Security Statement for specifics.
- Support emails are retained for as long as needed to provide ongoing support and to meet our legal/accounting obligations, typically 3 years from the last interaction.
- Billing metadata is retained for as long as required by tax and accounting law in our jurisdiction, typically 7 years.
7. Data-subject rights
For data processed inside the customer's Atlassian site by a Product, the customer (as data controller) handles data-subject requests directly. Each Product provides:
- Right of access — every configuration, log row, and setting is visible in the Product's admin UI.
- Right to rectification — admins can edit configurations in-place.
- Right to erasure — uninstalling the Product removes all of the Product's tenant data (subject to platform retention). Granular log retention is configurable in-Product.
- Right to data portability — configurations can be imported / exported through the Product's UI where applicable.
For data we hold directly (support emails, billing metadata), or to exercise rights granted by the CCPA, contact support@ux-software.com. We respond within 30 days.
8. International transfers
Data processed inside the customer's Atlassian site stays in the region of that site under Atlassian's data-residency controls. UX Software does not move it elsewhere.
Support correspondence is processed at UX Software's place of business in [country — to be confirmed]. Where this involves a transfer of personal data out of the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) and / or applicable adequacy decisions.
9. Security
- Transport: All product-to-Atlassian and product-to-third-party communication uses TLS unless a customer's administrator explicitly configures a non-TLS endpoint.
- At-rest encryption: Data is encrypted at rest using the security properties of the Atlassian platform on which the product runs.
- Telemetry: Our products contain no analytics, error tracker, or session-replay code. No data is reported back to UX Software except through support emails the customer sends voluntarily.
- Access: Only Atlassian-site administrators with the relevant permissions can configure our products. UX Software employees do not have access to customer environments.
- Credentials: When a product stores customer-supplied credentials (e.g. signing secrets, authentication tokens) it does so inside the platform's persistent storage and does not return the value through any API after creation.
For UX Software's full vulnerability-disclosure policy and security practices see /security.html.
10. Children
UX Software's Products are B2B tools sold to enterprise Jira / Confluence customers. They are not directed at children under 16, and we do not knowingly process personal data of children under 16.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced on every active Product's Marketplace listing and reflected in the Effective date at the top. The current version is always available at https://ux-software.com/privacy-policy.html.
12. Complaints
If you believe we have processed your personal data unlawfully, contact us at support@ux-software.com or raise a complaint with the supervisory authority in your country of residence.
13. Contact
Email: support@ux-software.com