Privacy Policy

Last updated: March 30, 2026

1. Introduction

This Privacy Policy explains how Priority Scoring — RICE, WSJF, ICE & Rovo AI for Jira ("the App"), developed by Janek Behrens ("we", "us", "our"), handles data when installed on your Atlassian Jira Cloud instance. We are committed to protecting your privacy and being transparent about our data practices.

2. Data We Access

The App accesses the following Jira data solely to provide its functionality:

• Issue data: Issue keys, summaries, descriptions, issue types, priorities, statuses, labels, and story points — used to calculate backlog health, display scoring fields, and (for the Rovo AI feature) suggest scoring dimension values.
• Assignee display names: User display names associated with issues — used when listing sprint issues in the Rovo AI agent. No email addresses or account IDs are stored by the App.
• Project data: Project keys and names — used to scope health calculations, the dashboard, and the gadget.
• Custom field values: RICE, WSJF, and ICE score fields created by the App — used to display and update priority scores on issues.
• Sprint data: Sprint name and open-sprint membership — used by the Rovo AI agent when analysing issues in a sprint.

3. Data We Store

The App stores the following data using Atlassian Forge Storage (KVS), which is hosted and managed by Atlassian within your cloud instance:

• Score dimensions per issue: The numeric input values for each scoring framework (e.g. RICE: Reach, Impact, Confidence, Effort) associated with an issue key.
• Computed scores: The resulting priority score per issue and framework, written back to the corresponding custom field.
• Framework configuration: Custom dimension weights (×1–×5 per dimension per framework) set in the admin dashboard.
• Rovo AI settings: The configured apply mode (suggest / confirm / auto), bulk limit, and whether AI comment writing is enabled.
• Backlog health cache: Aggregated, anonymised backlog metrics per project (counts of stale issues, missing fields, unscored issues). This cache does not contain personal data. It expires after one hour.
• Score history: A log of when scores were set or changed for an issue, including the issue key, framework, score value, and source (manual or Rovo AI).
• Rovo AI activity log: A capped log (last 50 entries) of score-apply events triggered by the Rovo AI agent, containing issue keys, scores, frameworks, and timestamps. No personal data is stored in this log.

We do not store issue descriptions, issue titles, user emails, or any free-text content entered by your team.

4. Rovo AI Feature and Issue Content

The App includes a Rovo AI agent ("Priority Scoring") that can analyse Jira issues and suggest or apply RICE, WSJF, or ICE scores. When this feature is used:

• The App reads the summary and description (up to 600 characters) of the requested issue and passes this data to the Rovo agent for analysis.
• This processing occurs within Atlassian's Rovo platform and is subject to Atlassian's Privacy Policy and Atlassian Intelligence data handling terms.
• The App itself does not send issue content to any external AI service or third-party server outside the Atlassian platform.
• AI-suggested scores are advisory outputs. The App stores only the numeric dimension values and computed score — not the raw issue content or AI reasoning text — unless comment writing is explicitly enabled by the administrator (see below).

5. Optional: Rovo AI Comment Writing

If an administrator enables the "Write AI reasoning as comment" option in the dashboard settings, the Rovo AI agent may post a comment on a Jira issue containing the computed score and the AI's reasoning text. This is opt-in and disabled by default. These comments are stored as standard Jira issue comments, governed by Atlassian's data handling practices.

6. Data We Do NOT Collect

• We do not collect, transmit, or store any data on our own servers. There are no servers operated by us.
• We do not collect personally identifiable information (PII) beyond what Jira provides transiently in API responses (e.g. assignee display names for sprint listing).
• We do not use cookies, tracking pixels, analytics platforms, or advertising networks.
• We do not store issue descriptions, comments, or any free-text content entered by users.

7. Data Processing Location

All data processing occurs within the Atlassian Forge runtime environment. The App runs on Atlassian's infrastructure as part of the Runs on Atlassian program. No data is transmitted to servers operated by us or any third party outside the Atlassian platform.

8. Data Retention

• Score data and configuration (score dimensions, weights, settings) is retained in Forge Storage as long as the App is installed. Uninstalling the App removes all App-stored data.
• Custom field values (RICE, WSJF, ICE scores on issues) are stored by Jira as standard custom field data. Removing the custom fields from Jira's field configuration will remove these values.
• Health cache expires automatically after one hour and is refreshed on demand.
• Rovo AI activity log is capped at 50 entries and older entries are overwritten automatically.

9. GDPR Compliance

The App transiently reads user display names (assignee information) from Jira API responses when listing sprint issues via the Rovo AI agent. This data is used solely to populate the in-chat response and is not stored or transmitted externally by the App.

For all other stored data, the App retains only numeric values (scores, dimensions, thresholds) and issue keys — no personal data. GDPR data subject requests (access, rectification, erasure, portability) relating to personal data held by Jira itself should be directed to Atlassian. For any App-specific data concerns, contact us at the address below.

Uninstalling the App will remove all App-related configuration and score data from Forge Storage.

10. Security

The App follows Atlassian Forge security best practices:

• Runs in a sandboxed Forge environment with no egress to external networks outside the Atlassian platform.
• Uses scoped Jira API permissions (read/write for issue and field data only).
• Does not store credentials, tokens, or secrets.
• Rovo AI write actions (apply score, bulk apply) are protected by a configurable apply-mode setting (suggest / confirm / auto) that administrators can restrict.

11. Children's Privacy

The App is a business productivity tool and is not directed at children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.