Privacy Policy
Last updated: February 26, 2026
1. Introduction
This Privacy Policy explains how CodeDoc AI for Confluence ("the App"), developed by Janek Behrens ("we", "us", "our"), handles data when installed on your Atlassian Confluence Cloud instance. We are committed to protecting your privacy and being transparent about our data practices.
2. Bring Your Own Key (BYOK) Model
CodeDoc AI operates on a Bring Your Own Key principle. You provide your own API keys for AI services (Anthropic, OpenAI, or Google AI) and access tokens for Git hosting providers (GitHub, GitLab, Bitbucket, or Azure DevOps). The App uses these credentials solely to perform the functions you initiate. We do not have access to your API keys or tokens — they are stored in your Confluence instance's encrypted Forge storage and are never transmitted to us.
3. Data We Access
The App accesses the following data solely to provide its functionality:
- Source code: Fetched from your Git repositories by the Atlassian Forge runtime (running on Atlassian's infrastructure) using your access token. The code is loaded into the Forge runtime's memory, processed there, and forwarded to your AI provider. Code is not cached or retained after the job execution completes.
- Confluence data: Space names and page IDs — used to create or update documentation pages in the spaces you select.
- AI API: Your source code is sent to your chosen AI provider using your API key for documentation generation. The response (generated documentation) is published to Confluence.
4. Data We Store
The App stores the following data using Atlassian Forge Storage (hosted and managed by Atlassian within your Confluence Cloud instance):
- AI provider configuration (provider type, encrypted API key, selected model)
- Git provider configuration (provider type, encrypted access token, display name, base URL)
- Repository list (repository URLs, branches, provider references)
- Job configuration (selected repositories, documentation preset, trigger settings, target space)
- Generation history (job name, status, timestamp, token usage, page link — no source code or generated content)
- Job execution status (ephemeral progress state during active job runs)
- Webhook deduplication data (recent event IDs to prevent duplicate processing — no payload content)
- Webhook signature secret (if configured by you for webhook verification)
- App-level settings (general preferences and configuration flags)
We do not store your source code or the generated documentation content. Source code is read, processed, and discarded within a single job execution. Generated documentation is written directly to Confluence.
5. Data We Do NOT Collect
- We do not collect, transmit, or store any personally identifiable information (PII).
- We do not send any data to our own servers or to any third-party analytics, tracking, or advertising platforms.
- We do not use cookies, tracking pixels, or any form of user tracking.
- We do not have access to your API keys, access tokens, or source code.
- We do not retain or log the content of your source code or the generated documentation.
6. Third-Party Data Transmission
When you run a documentation job, the App transmits data to the following third-party services using your own credentials:
- Your Git provider (GitHub, GitLab, Bitbucket, or Azure DevOps) — to read source code files from your repositories.
- Your AI provider (Anthropic, OpenAI, or Google AI) — to generate documentation from the source code.
[Diagram legend: Blue = Atlassian infrastructure | Orange = services you configure with your own credentials (BYOK)]
Important: Each third-party provider has its own data handling and retention policies. We have no control over how your Git provider or AI provider processes, stores, or retains data sent to them. You are responsible for reviewing and accepting the terms and privacy policies of the services you connect.
We do not send data to any services beyond those you explicitly configure. No data is transmitted to our own servers or any other third party.
7. Data Processing Location
The App's backend logic runs entirely within the Atlassian Forge runtime environment as part of the Atlassian Forge platform. Data is processed on Atlassian's infrastructure. Outbound connections are made only to the Git and AI providers you configure, using Forge's allowlisted external fetch mechanism.
8. Data Retention
- Configuration data (providers, jobs, repositories) is retained in Forge Storage as long as the App is installed. Uninstalling the App removes all stored data.
- Generation history (metadata only — no source code or content) is stored until you clear it via the "Clear History" function or uninstall the App.
- Source code is never stored. It is fetched from Git into the Atlassian Forge runtime, processed in memory, forwarded to the AI provider, and discarded within the same job execution.
- Generated documentation is stored as standard Confluence pages. These pages persist independently of the App and are not deleted upon uninstallation.
9. GDPR Compliance
The App does not collect or process personal data. Configuration data stored in Forge Storage does not contain PII. Since we do not collect personal data, GDPR data subject requests (access, rectification, erasure, portability) are not directly applicable to the App's own storage.
However, if your source code or generated documentation contains personal data, please note that this data is loaded into and processed by the Atlassian Forge runtime (on Atlassian's infrastructure) and is also transmitted to your AI provider as part of the generation process. Review both Atlassian's and your AI provider's GDPR compliance and data processing agreements before processing code that contains personal data.
If you have any GDPR-related concerns, please contact us at the email address below.
10. Security
The App follows Atlassian Forge security best practices:
- Runs in a sandboxed Forge environment with restricted network access (only allowlisted domains).
- API keys and access tokens are stored in Atlassian Forge encrypted storage.
- All external data transfers use TLS encryption.
- No credentials are logged, exposed in error messages, or transmitted to us.
- The App uses minimal Confluence API scopes: storage:app, read:space, read:page, and write:page.
For comprehensive details, see our Security Statement.
11. Children's Privacy
The App is a business productivity tool and is not directed at children under 16. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.
13. Contact
For questions or concerns about this Privacy Policy, contact us at:
Email: support@janekbehrens.de