Privacy Policy — Flow Time for Jira
Flow Time for Jira ("the app") is an Atlassian Forge app that runs entirely on Atlassian-hosted infrastructure. This policy explains what data the app accesses, how it is used, and how it is stored.
Summary
- The app reads Jira issue, changelog, and project data only to compute time-in-status statistics that are displayed back to you.
- The app runs on the Atlassian Forge platform. Your data never leaves Atlassian's infrastructure — the app makes no calls to any external or third-party service.
- The app stores only your gadget configuration and short-lived cached results in Atlassian's Forge storage. It does not store the content of your issues.
What data the app accesses
To produce the time-in-status report, the app reads the following from your Jira site, using the permissions you grant at installation and acting with the viewing user's own access rights:
- Issues matching your selected data source (project or JQL): the issue key, creation date, and current status.
- Issue changelogs: the history of status changes (the previous status, new status, and timestamp of each change).
- Projects: the list of projects you can access, used to offer a default data source and a project picker.
The app requests these Atlassian scopes:
read:jira-work— to read the issues, changelogs, and projects above.storage:app— to use Forge storage for configuration and caching (below).
The app does not request write access and never modifies your Jira data.
How data is used
Accessed data is used solely to calculate, in real time, how long issues spend in each workflow status (median and average per status) and to render that result in the dashboard gadget for the user viewing it. Results respect the viewing user's permissions.
What data is stored, and for how long
The app stores the following in Atlassian's Forge Key-Value Store (hosted by Atlassian, within the Forge platform):
- Gadget configuration — your chosen data source (e.g. the selected project key). Retained until you change it or uninstall the app.
- Cached report results — the computed aggregate figures (status names and their median/average durations), stored per user so that opening a dashboard does not recompute everything each time. Cached entries are short-lived and expire after approximately one hour.
The app does not store the content of issues, comments, or any personal data beyond the account identifier used as a cache key.
Data sharing and transfer
- The app does not sell, share, or disclose your data to any third party.
- The app makes no external network requests. No data is transmitted outside Atlassian's infrastructure (the app is eligible for Atlassian's "Runs on Atlassian" program).
- No analytics, advertising, or tracking services are used.
Data residency and security
Data handled by the app is hosted by Atlassian on the Forge platform and is subject to Atlassian's security and data-residency controls. Data in transit and at rest is protected by the Forge platform. See our security policy for our security posture and how to report a vulnerability.
Data deletion
When the app is uninstalled, the configuration and cached data it stored in Forge storage are removed in accordance with Atlassian's app data handling. You may also clear cached results at any time by changing the gadget's data source, which causes a fresh calculation.
Changes to this policy
We may update this policy; material changes will be reflected by updating the effective date above.
Contact
Questions about this policy or your data: contact@flowtimeapps.com.