Privacy Notice

Last updated: 2026-05-08

This notice applies only to Kedalion Sentinel for Jira Cloud. It describes how Kedalion handles personal data when the app is installed on Jira Cloud. It does not replace Atlassian's own privacy documentation.

Kedalion Sentinel for Jira Cloud helps customers detect potentially sensitive data exposure in selected Jira projects. To do that, the app processes limited Jira content, user context, and app workflow metadata needed to run scans, present findings, and record review decisions.

Data controller and contact details

The data controller for this app notice is Kedalion. For privacy questions, access requests, correction requests, deletion requests, or complaints about the app's handling of personal data, contact hello@kedalion.app.

Personal data processed by the app

Jira project, issue, and field identifiers required to run supported scans and locate findings.
Supported Jira issue content from customer-selected projects, which may include personal data already present in Jira tickets.
App configuration, scan history, reviewer actions, sign-off notes, and similar workflow metadata.
Limited Jira user context needed to render the app and associate review actions with a user where Atlassian makes that context available.
Redacted evidence snippets and finding metadata instead of storing full raw sensitive values as app evidence.

Data the app is designed not to store

Full raw sensitive values as retained finding evidence where a redacted snippet is sufficient for the workflow.
Generative AI or LLM output derived from Jira issue content in this release.
Personal access tokens, shared secrets, or customer credentials outside Atlassian's normal app-install and permission model.

Legal basis for processing

Kedalion processes personal data as needed to provide the app to the customer that installed it, including detecting findings, storing redacted review evidence, preserving scan history, and maintaining reviewer workflow state. In practice, this means Kedalion generally processes Jira content and related metadata under the customer's instructions to perform the contracted service. Kedalion may also process limited operational data where needed to maintain the security, integrity, and supportability of the app.

How the app uses personal data

To scan selected Jira projects for potential sensitive-data exposure.
To display findings, review state, and redacted evidence in the app UI.
To record reviewer actions, sign-off state, and scan history.
To answer support or deletion requests relating to the app, where required.

Retention and deletion

The app retains configuration, findings metadata, redacted evidence snippets, and review history only for as long as needed to operate the app for the customer workspace, unless earlier deletion is requested or the app is uninstalled. When a customer asks Kedalion to delete app data, or when deletion is otherwise required, Kedalion will use commercially reasonable efforts to delete the relevant app-held data from the app's storage footprint. Customers should avoid sending raw sensitive values over support channels.

Third-party sharing

Kedalion does not sell personal data processed by the app. Kedalion does not disclose app-processed Jira content to unrelated third parties for their own marketing or independent use. The app operates within Atlassian's Forge environment and relies on Atlassian infrastructure to receive Jira context and store app data. Kedalion may also disclose limited information when required by law, regulation, or a valid legal process, or where needed to protect the security and integrity of the service.

User rights

Depending on the applicable law and the role of the customer and Kedalion for the relevant data, data subjects may have rights to request access, correction, deletion, restriction, objection, or data portability. Requests relating to Jira content should usually be directed first to the customer's Jira administrator or the organization that controls the Jira workspace. Kedalion will reasonably cooperate with customer-directed requests that concern app-held data.

International transfers

Based on the current product configuration described in Kedalion's Atlassian Privacy and Security responses, Kedalion Sentinel for Jira Cloud is not intended to transfer End-User Data outside Atlassian services for the app workflow described here.

Policy updates

Kedalion may update this Privacy Notice from time to time to reflect product, legal, or operational changes. When Kedalion makes a material change, Kedalion will update the date on this page and publish the revised notice at this URL so customers and reviewers can see the current version.

Support-safe handling

Use the published app documentation first. If privacy, deletion, or data-handling questions remain, use the direct support request page or contact hello@kedalion.app, and do not include raw sensitive values unless Kedalion explicitly asks for a safe, minimized example.