Privacy Policy

Last updated: June 11, 2026

1. Introduction

This Privacy Policy explains how DevOps Metrics for Jira ("the App"), developed by Janek Behrens ("we", "us", "our"), handles data when installed on your Atlassian Jira Cloud instance. The App is a read-only reporting tool: it reads Jira work data to compute the four DORA delivery metrics and never modifies your issues.

2. Data We Access

The App reads the following Jira data, solely to compute the metrics:

Completed issues of the configured project(s): issue type, labels, created and resolved dates, and current status — used for throughput, lead time, MTTR and the AI-involvement share.
Status-change history: the timestamps of workflow transitions (which status an issue moved from/to and when) — used for lead time and the re-open rate. For the optional AI signal the App also checks whether a change author is an app account (e.g. an automation or agent) — in memory only; author identities are never persisted.
Project versions (releases): names and release dates of released versions — used for deployment frequency and change failure rate.
Bug-type issues: creation dates and their fix/affected version references — used for change failure rate.
Project metadata: project names/keys, issue types and statuses — used by the setup wizard and pickers.

The App does not read or use assignee, reporter, or any other user/personal fields. Metrics are reported only at the project/team level — never per individual.

3. Data We Store

The App stores only the following, using Atlassian Forge Storage, which is hosted and managed by Atlassian within your cloud instance:

Weekly aggregates per project: deployment counts, completed-issue counts, excluded-issue counts, change-failure numerators/denominators, incident counts, AI-involvement counts, and compact statistical summaries of durations (e.g. median lead time in hours). These persist so the gadget loads instantly, and are recomputed nightly and on demand.
Operational records: background-job status, refresh watermarks (timestamps), the last-used metric definitions, and a list of recently viewed projects (IDs and timestamps only) that controls the nightly refresh.

We do not store issue titles, descriptions, comments, attachments, user names, emails, account IDs, or any free-text content. Stored data consists of numeric aggregates and project/week identifiers only.

Gadget configuration (selected projects, definitions, AI rollout date, labels, markers, period) is stored by Jira as standard dashboard-gadget configuration.

4. Data We Do NOT Collect

We do not run any servers. There is no developer-operated backend or database.
We do not collect personally identifiable information (PII). The App does not read assignee or user fields and stores no account identifiers.
We do not compute or expose per-person metrics — by design, the App cannot rank individuals.
We do not use cookies, tracking pixels, analytics platforms, or advertising networks.
We do not send any data to external services. The App makes no network calls outside the Atlassian platform.

5. Data Processing Location

All processing occurs within the Atlassian Forge runtime environment under the Runs on Atlassian program. No data is transmitted to servers operated by us or any third party outside the Atlassian platform.

6. Data Retention

Weekly aggregates cover a rolling 12-month window and are overwritten as they are recomputed; projects that are no longer viewed drop out of the automatic refresh.
Uninstalling the App removes all App-stored data from Forge Storage.
Gadget configuration is removed when the gadget is removed or the App is uninstalled.

7. GDPR Compliance

The App does not collect or store personal data. It does not read assignee or user information, and stored data is limited to numeric aggregates and project/week identifiers. The AI-involvement signal is a per-issue yes/no derived in memory and stored only as weekly counts — works-council and GDPR friendly by design. GDPR data-subject requests relating to data held by Jira itself should be directed to Atlassian. For App-specific concerns, contact us below. Uninstalling the App removes all App-related data from Forge Storage.

8. Security

Runs in a sandboxed Forge environment with no egress to external networks outside the Atlassian platform.
Uses minimal, read-only Jira API scopes plus app storage.
Enforces each viewer's own Jira project permissions before returning any data.
Stores no credentials, tokens, or secrets — there are none.

See our Security Policy for full details.

9. Children's Privacy

The App is a business productivity tool and is not directed at children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy, contact us at:
Email: support@janekbehrens.de

DORA™ is a trademark of Google LLC. DevOps Metrics for Jira is an independent product by Janek Behrens and is not affiliated with or endorsed by Google. “DORA metrics” refers to the four software delivery metrics defined by the DevOps Research and Assessment program.