Privacy Policy
Last updated: 2026-05-22
⚠️ LEGAL REVIEW REQUIRED — This draft Privacy Policy must be reviewed by a qualified GDPR practitioner before the Atlassian Marketplace listing is submitted. Items requiring specific information before publication are marked inline.
1. Who we are (controller identity)
⚠️ MANUAL REVIEW REQUIRED — Insert the registered legal entity name, company number, and registered address once the Kettasys / Attestsys legal entity is established.
Data controller: Kettasys Ltd (legal entity registration pending) [Registered address — insert before publication] Contact: privacy@attestsys.com
The Attestsys suite of apps (Tamper-Evident Audit Log for Jira, GitHub Evidence Pack for Jira, Signed Approvals for Jira) is operated by Kettasys Ltd and published on the Atlassian Marketplace.
2. Scope of this policy
This policy applies to personal data processed by Attestsys apps when installed in your Atlassian Jira workspace. It covers:
- Data processed through the Atlassian Forge platform by the Attestsys Forge app
- Data transmitted to and stored on the Attestsys backend infrastructure
- Data collected through the attestsys.com website
This policy does not cover personal data processed by Atlassian directly (Atlassian's own Privacy Policy applies) or personal data your organisation processes within Jira independently of the Attestsys apps.
3. Roles: controller and processor
For data processed by Attestsys apps within your Jira workspace:
- You (the Jira workspace administrator / your organisation) are the data controller — you determine the purposes and means of processing.
- Kettasys Ltd (as the Attestsys operator) is the data processor — we process personal data only on your behalf and according to your instructions.
Our Data Processing Agreement (DPA) governs this processor relationship. By installing and using the Attestsys apps, you agree to the terms of the DPA.
For personal data collected through the attestsys.com website (enquiries, contact form submissions, if any), Kettasys Ltd acts as the data controller.
4. What data we process and why
4.1 Data processed via the Attestsys Jira apps
| Data category | Examples | Legal basis (Art. 6 GDPR) | Retention |
|---|---|---|---|
| Jira event data | Event type, issue key, changed field names and values, timestamp | Art. 6(1)(b) — performance of contract with the data controller (you) | Per edition: Free 30 days, Standard 1 year, Advanced unlimited, Enterprise custom |
| Atlassian user identifiers | Atlassian accountId (an opaque identifier assigned by Atlassian) | Art. 6(1)(b) — performance of contract | Same as above |
| Jira workspace identifier | cloudId (Atlassian workspace UUID) | Art. 6(1)(b) — performance of contract | Duration of the customer relationship |
| Cryptographic audit chain | Hash-chained, ECDSA-signed records of the above events | Art. 6(1)(b) — performance of contract | Same retention as event data |
| HMAC ingestion credentials | Encrypted key material used to authenticate event ingestion | Art. 6(1)(b) — performance of contract | Duration of the customer relationship |
Note on
accountId: AtlassianaccountIdvalues are opaque identifiers — they are not names, email addresses, or other directly identifying data. However, they are linked to a specific Atlassian account and therefore constitute personal data under GDPR.
What we do NOT collect through the apps:
- Jira issue descriptions, comment text, or attachment content beyond what the Jira event webhook payload contains
- Jira user names or email addresses (we use
accountIdonly) - Any data unrelated to the events captured by the Attestsys apps
⚠️ MANUAL REVIEW REQUIRED — Confirm the exact data fields in each Jira webhook event payload and update the "Examples" column accordingly before publishing.
4.2 Data collected through attestsys.com
| Data category | Examples | Legal basis (Art. 6 GDPR) | Retention |
|---|---|---|---|
| Enquiry and contact data | Name, email address, message content submitted via contact forms | Art. 6(1)(b) — pre-contractual steps or Art. 6(1)(f) — legitimate interests | 2 years after last contact, unless a contract is entered |
| Website analytics | Anonymised page view counts, referrer (no personal identifiers, no cookies) | Art. 6(1)(f) — legitimate interests in understanding site usage | Aggregated data retained indefinitely; raw session data (if any) for 90 days |
⚠️ MANUAL REVIEW REQUIRED — Confirm the analytics tooling used (Umami, Plausible, or none) before publishing, and update this table accordingly.
5. How we protect your data
Infrastructure and data residency
All Attestsys app data is processed and stored exclusively on Hetzner Cloud infrastructure in Nuremberg, Germany (EU). No customer data is transferred to or stored in the United States or any other non-EU jurisdiction.
- Provider: Hetzner Online GmbH, Nuremberg, Germany
- Certification: BSI C5 Type 2, ISO 27001:2022
- CLOUD Act exposure: None — Hetzner is a German company with no US parent entity
Encryption
- In transit: TLS 1.2 or higher on all connections. HSTS enabled on the backend API.
- At rest: AES-256-GCM encryption of all stored data. LUKS full-disk encryption on the host server.
⚠️ MANUAL REVIEW REQUIRED — Confirm LUKS is provisioned before this statement is published.
Cryptographic audit chain
Attestsys apps create a tamper-evident, hash-chained audit record of Jira events. Each record is individually ECDSA-signed and independently verifiable. This is a security property of the product — not just a feature.
6. Sub-processors
We use the following sub-processors to provide the Attestsys service:
| Sub-processor | Role | Location |
|---|---|---|
| Hetzner Online GmbH | Cloud infrastructure (compute, storage, networking) | Nuremberg, Germany (EU) |
⚠️ MANUAL REVIEW REQUIRED — Add any email provider (for support and transactional email), monitoring or logging tool, or other sub-processor used in the production environment before publishing.
We will notify you of any changes to sub-processors as required by our Data Processing Agreement.
7. Data subject rights
Because Attestsys acts as a data processor for data processed through the Jira apps, requests to exercise data subject rights under GDPR Arts. 15–21 should in the first instance be directed to your Jira workspace administrator (the data controller), who is responsible for responding to data subject requests.
Where we can assist as a processor, we will do so within the timeframes required by GDPR.
Rights you may exercise (through your data controller):
- Art. 15 — Access: right to obtain confirmation of whether personal data concerning you is processed and, if so, access to it.
- Art. 16 — Rectification: right to have inaccurate personal data corrected.
- Art. 17 — Erasure ("right to be forgotten"): right to request deletion of personal data. Note: audit chain entries are never deleted in response to data subject requests — deletion would break the cryptographic chain integrity. Instead, a signed redaction marker is appended to the chain, and the tenant's signing key is tombstoned if full erasure is required. This approach preserves cryptographic chain continuity while enabling GDPR compliance. This limitation is inherent to the tamper-evident nature of the product and is disclosed here and in the Data Processing Agreement.
- Art. 18 — Restriction: right to request restriction of processing in certain circumstances.
- Art. 20 — Portability: right to receive personal data in a structured, commonly used, machine-readable format. Evidence bundle exports (ZIP) are available for this purpose.
- Art. 21 — Objection: right to object to processing based on legitimate interests.
To exercise rights in relation to attestsys.com website data (where we are the controller), contact us directly at privacy@attestsys.com.
Atlassian Personal Data Reporting API
Attestsys apps store Atlassian accountId values as part of the audit chain. As required by Atlassian's Marketplace requirements, we acknowledge and implement the Atlassian Personal Data Reporting API. Personal data linked to a specific Atlassian accountId can be identified and reported on request within a cycle of at most 7 days. To submit a request, contact privacy@attestsys.com.
8. International transfers
No personal data processed by Attestsys apps is transferred outside the European Economic Area (EEA). All data remains on Hetzner Cloud infrastructure in Germany (EU).
For attestsys.com website operations, if any service provider outside the EEA is used (for example, email delivery), appropriate transfer mechanisms (Standard Contractual Clauses or equivalent) are in place.
⚠️ MANUAL REVIEW REQUIRED — Confirm whether any third-party email or communication tool used for website enquiries involves non-EEA processing, and update this section accordingly.
9. Cookies and tracking
The attestsys.com website does not use cookies for tracking or analytics. Any analytics tooling used is cookie-free and collects no personal data.
The Attestsys Jira apps (running within the Atlassian Forge platform) do not set cookies in your browser independently — cookie handling within the Jira interface is governed by Atlassian.
10. Supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. In Germany, the relevant authority depends on the registered state of the data controller.
⚠️ MANUAL REVIEW REQUIRED — Insert the correct German supervisory authority once the legal entity is registered. If registered in Bavaria: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA). If registered in Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit. If registered in another German state, identify the corresponding Landesbeauftragter für Datenschutz.
You may also contact the supervisory authority in your EU member state of habitual residence or place of work.
11. Data Processing Agreement
If you process personal data through the Attestsys apps and are subject to GDPR, you may require a Data Processing Agreement (DPA) with us as your processor (Art. 28 GDPR).
A standard DPA is available at /dpa. To request a signed copy or discuss customised DPA terms for Enterprise contracts, contact legal@attestsys.com.
12. Changes to this policy
We will update this policy when our data practices change materially. We will notify Marketplace customers of material changes via the Atlassian Marketplace listing update mechanism and post the updated policy at this URL. The "Last updated" date at the top of this page reflects the date of the most recent revision.
13. Contact
For privacy-related questions, to exercise data subject rights (where we are the controller), or to report a concern:
Email: privacy@attestsys.com Postal: [Registered address — insert before publication]
⚠️ MANUAL REVIEW REQUIRED — Confirm the privacy@attestsys.com email address is set up and monitored before the Marketplace listing goes live.