Privacy Policy
Sapper PMO
Effective Date: 1 July 2026
Last Updated: 1 July 2026
This Privacy Policy describes how Sapper PMO (“the App,” “we,” “our”) collects, uses, and protects information when you use our Atlassian Forge application.
1. Information We Collect
1.1 Automatically Collected Information
Sapper PMO is an investment-governance overlay for Jira. The information it holds falls into two categories: governance records you create inside the App, and data it reads from your Jira (and, optionally, Confluence) instance to populate the App.
Governance records you create in the App:
- Work packages (name, status, RAG, owner, budget/baseline/forecast, schedule dates, linked Jira issue keys)
- Project status (overall RAG, phase, reporting cadence, confidence)
- The Investment Thesis / charter (business problem, target outcome, expected financial return, named PM, sponsor, steering-committee members, customer representative, supplier representative, adoption data, approval lifecycle state, close-out as-built outcome and return, lessons learned, BAU handover)
- RAID register entries (risks, issues, opportunities — descriptions, scores, treatments, owner)
- Decisions log entries
- Scope-change requests
- A governance audit trail (who changed what, and when)
- App settings (governance group name, terminology, nominated editors)
User identifiers (see also Section 13):
- Atlassian accountIds and display names of the users you name in governance roles — for example the project manager, sponsor, steering-committee members, and work-package owners. Unlike Sapper Project Cleaner, Sapper PMO does store user identifiers, because those named roles are part of the governance record itself.
Data read from Jira:
- Projects, project lead, and users (via people-pickers: accountId, displayName, avatar)
- Permission checks (for example, mypermissions) used to gate access to the App’s surfaces
Data read from Confluence (optional “Supporting documents” feature):
- Space and page summaries (via search) so you can find and link existing Confluence pages
- The App can also create and link Confluence pages at your request
1.2 Information We Do NOT Collect
We do not collect:
- Email addresses or account credentials
- Jira issue content (titles, descriptions, comments) or attachments
- Credit card or payment information (handled by Atlassian Marketplace)
- Behavioural or usage analytics, telemetry, or tracking data
- Cookies of any kind
2. How We Use Information
2.1 Core Functionality
We use collected information to:
- Render the App’s governance surfaces — Investment Health, the Investment Thesis, Work Packages, RAID, Decisions, Changes, and Portfolio Health
- Present a current, defensible governance picture to sponsors and PMOs
- Maintain a governance audit trail of changes
- Power the read-only Sapper PMO Copilot (Rovo agent) so it can answer questions against your current governance data
- Power the optional Confluence “Supporting documents” integration when you trigger it
2.2 Service Improvement
Sapper PMO does not embed analytics, telemetry, or behavioural tracking. We do not collect usage data inside the App. If you choose to submit feedback through the in-app feedback control (see Section 4 and Section 13), that feedback helps us improve the App — but it is entirely voluntary and user-initiated.
2.3 Legal Basis for Processing (GDPR)
Our legal basis for processing data:
- Legitimate Interest: Investment governance and project oversight
- Contract Performance: Providing the service as agreed
- Consent: Implicit consent through app installation by an authorized administrator
3. Data Storage and Retention
3.1 Storage Location
All data is stored in Atlassian Forge app-scoped storage (KVS):
- Data remains within your Jira instance’s data residency region
- No data is transferred outside Atlassian infrastructure
- Storage is isolated per Jira instance (not shared across customers)
- There are no Softwired servers. Softwired does not copy your governance data to any external server, database, or analytics system.
3.2 Data Retention
- Governance Records: Retained until you delete the record, the project is deleted, or the App is uninstalled
- App Settings: Retained until the App is uninstalled or manually deleted
- User Identifiers in Governance Roles: Retained as part of the governance record until that record is deleted, the named user is permanently deleted from Jira (see Section 3.3), or the App is uninstalled
3.3 Data Deletion
- User deletion (right to be forgotten): When a user is permanently deleted from your Jira instance, the App receives Atlassian’s avi:jira:deleted:user event and automatically scrubs that user’s accountId from stored governance records.
- Project deletion: When a Jira project is deleted, the App removes that project’s governance data.
- App uninstallation: A Forge preUninstall purge automatically deletes ALL of the App’s stored data for your tenant before the uninstall completes. Your underlying Jira issues and Confluence pages are unaffected.
To manually delete data while keeping the App installed, contact help@softwired.com.au with your Jira instance URL; we will arrange deletion of stored governance data within 30 days.
4. Data Sharing and Disclosure
4.1 No Third-Party Sharing
We never share, sell, or transfer your data to third parties.
In normal operation the App makes no network calls outside your own tenant’s Atlassian APIs. There are no third-party services, SDKs, analytics, or cookies. All data remains within your Jira Cloud instance and Atlassian Forge infrastructure. The single user-initiated exception is the in-app feedback control described in Section 4.2 and Section 13.
4.2 Exceptions
We may disclose data only when:
- Legally Required: To comply with court orders, subpoenas, or legal obligations
- Security Threats: To investigate fraud, security threats, or policy violations
- With Your Consent: When you explicitly authorize data sharing for support
Feedback control: The App includes an in-app feedback control that deep-links your browser to Softwired’s public Jira Service Management portal (softwiredau.atlassian.net). If you choose to submit a bug report, feature request, or satisfaction rating there, that content is sent to Softwired and processed to triage and respond to your feedback. This is a user-initiated browser navigation — the App itself transmits nothing externally. Submitting feedback is voluntary; please do not include sensitive personal data in free-text feedback.
4.3 Atlassian Infrastructure
Your data is processed on Atlassian’s Forge platform:
- Atlassian’s privacy policy applies: https://www.atlassian.com/legal/privacy-policy
- Forge infrastructure follows Atlassian’s security and compliance standards
- Data residency follows your Jira instance’s region
- The Sapper PMO Copilot runs on Atlassian’s Rovo/AI platform; Atlassian’s AI data-handling terms apply to Copilot interactions
5. Security Measures
We implement industry-standard security practices.
Technical measures:
- Built entirely on the Atlassian Forge platform — runs on Atlassian infrastructure, with no external servers
- All API calls use Forge authentication and authorization
- TLS/HTTPS encryption for all data in transit
- Atlassian encryption at rest for all stored data
- Tenant isolation enforced by the Forge platform
- Server-side input validation for all user inputs
- No external egress: the App makes no outbound network calls outside your own tenant’s Atlassian APIs — no third-party services, SDKs, analytics, or cookies
Operational measures:
- Minimal data collection (only what’s necessary for governance)
- Regular security reviews of code and dependencies
- Automated dependency updates for security patches
Access controls:
- An access-governance model: per-project governance data is visible only to project members (project lead, charter seats, the project group, and project admins)
- The cross-project Portfolio Health view is restricted to Jira admins or a configured governance group
- Role-based access that respects Jira’s built-in permissions
6. Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights:
- Right to Access — request a copy of data we store about your Jira instance.
- Right to Rectification — request correction of inaccurate data (via the App’s editing UI).
- Right to Erasure (“Right to be Forgotten”) — request deletion of governance data (via record deletion, project deletion, or app uninstallation). When a user is permanently deleted from Jira, their accountId is scrubbed automatically (see Section 3.3).
- Right to Restriction of Processing — request temporary suspension of data processing (contact support).
- Right to Data Portability — request export of governance data in machine-readable format.
- Right to Object — object to data processing based on legitimate interest (contact support).
To exercise your rights, email help@softwired.com.au with your request and Jira instance URL.
7. Children’s Privacy
Sapper PMO is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately.
8. International Data Transfers
Data residency: Data stored in Forge follows your Jira instance’s data residency. If your Jira is in the EU, app data is stored in the EU. There are no cross-border transfers outside Atlassian infrastructure.
Standard Contractual Clauses (SCCs): Atlassian Forge uses SCCs for GDPR-compliant data transfers. See Atlassian’s privacy policy for details.
9. Cookies and Tracking
No cookies: This app does not use cookies or browser tracking.
No analytics: The App embeds no analytics, telemetry, or behavioural tracking SDKs.
Session data: Forge maintains session state via Atlassian’s authentication infrastructure (not controlled by this app).
10. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in legal requirements, app functionality, or data practices.
Notification of changes:
- Updated “Last Updated” date at the top of this policy
- Major changes announced via app description on the Atlassian Marketplace
- Email notification to app administrators (if contact information is available)
Your continued use constitutes acceptance of the updated policy.
11. Contact Us
Questions or concerns about this Privacy Policy:
Softwired Digital Pty Ltd
Email: help@softwired.com.au
Phone: (07) 2140 7624
Address: Brisbane, QLD, Australia
Marketplace: Atlassian Marketplace – Sapper PMO
Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at james@softwired.com.au.
We aim to respond to all privacy inquiries within 7 business days.
12. Regulatory Compliance
12.1 GDPR (General Data Protection Regulation)
We comply with GDPR requirements for EU/EEA users: a lawful basis for processing is clearly defined; data minimization (we collect only what’s necessary); user rights are respected and facilitated; and data breach notification procedures are in place.
12.2 CCPA (California Consumer Privacy Act)
For California residents: no sale of personal information (we don’t sell data to anyone); the right to opt out is respected (delete records or uninstall the app); and there is no discrimination for exercising privacy rights.
12.3 Data Processing Addendum (DPA)
A DPA is available for customers who process personal data through the app. Contact help@softwired.com.au to request a DPA, based on Atlassian’s standard Marketplace vendor DPA template.
13. Specific Data Practices
13.1 Named Governance Roles (User Identifiers)
- Collected: Yes — Atlassian accountIds and display names of named roles (PM, sponsor, steering committee, work-package owners, decision approvers)
- Stored: Yes, in Forge app storage, as part of the governance record
- Purpose: The named roles are part of the governance record — who owns, sponsors, and approves the investment
- Legal Basis: Legitimate interest (investment governance) and contract performance
- Retention: Until the record is deleted, the named user is permanently deleted from Jira (accountId then scrubbed automatically), or the App is uninstalled
- Sharing: Not shared
13.2 Governance Records
- Collected: Yes (work packages, status, Investment Thesis, RAID, decisions, changes, audit trail, settings)
- Stored: Yes, in Forge app storage
- Purpose: To provide the governance overlay and present a current, defensible picture
- Legal Basis: Contract performance (providing the service)
- Retention: Until the record/project is deleted or the App is uninstalled
- Sharing: Not shared
13.3 Confluence Integration
- Collected: Yes (space/page summaries read via search, when you use the “Supporting documents” feature)
- Stored: References/links to the pages you link; the App can create pages at your request
- Purpose: Let you link existing governance documents and optionally create governance pages
- Legal Basis: Legitimate interest (governance documentation) and user-initiated action
- Retention: Links retained with the governance record; pages created in your Confluence are yours and are unaffected by uninstall
- Sharing: Not shared
13.4 Feedback Submitted via the In-App Control
- Collected: Only if you choose to submit feedback (bug report, feature request, or satisfaction rating)
- Stored: In Softwired’s public Jira Service Management portal (softwiredau.atlassian.net), not in the App
- Purpose: To triage and respond to your feedback
- Legal Basis: Consent (voluntary, user-initiated)
- Mechanism: The control deep-links your browser to the portal; the App itself transmits nothing externally
- Retention: Per Softwired’s support-data practices
- Sharing: Not shared beyond Softwired support
14. Your Responsibilities
As a Jira administrator using this app, you are responsible for:
- Obtaining necessary permissions from your organization to install and use the app
- Communicating app usage to end users in your organization (if required by your policies)
- Complying with your organization’s data policies when recording governance information
- Ensuring the personal data you enter into governance fields complies with applicable law and your organization’s data-retention requirements
15. Disclaimer
Sapper PMO is a governance and reporting overlay. It records and presents what users enter and what it reads from Jira. It does not itself make project decisions, and it deliberately does not compute ROI (an editorial choice — counterfactuals are invisible and attribution is contested). It keeps the case file current, complete, and defensible so the human making the call has what they need in front of them.
We are not responsible for:
- Data loss due to user error (for example, deleting the wrong governance record)
- Compliance with your organization’s specific data-retention policies
- Third-party integrations or data synced to linked content
Acknowledgment: By installing and using Sapper PMO, you acknowledge that you have read and understood this Privacy Policy.
Document Version: 1.0
Last Reviewed: 1 July 2026
© 2026 Softwired Digital Pty Ltd. All rights reserved.
Related documents: Sapper PMO Terms of Service · Sapper PMO Licence