Legal
Privacy Policy
How we collect, process, and protect your data.
Last updated: February 19, 2026
The short version
- Forge-native — runs on Atlassian infrastructure, no external servers
- Smart anonymization — personal identifiers stripped before every AI call
- Zero data retention — default AI providers never store your data
- EU data residency — available via Google Vertex AI (Netherlands, London)
- Admin controls — disable AI models, monitor usage, toggle analytics
1. Overview
SuperTemplates (“we”, “our”, or “us”) is an Atlassian Forge app for AI-powered bulk task creation in Jira. This Privacy Policy explains how we collect, use, and safeguard your information when you use our App or visit our website (supertemplates.ai).
Our app is built on Atlassian Forge — it runs entirely on Atlassian's infrastructure with no external servers or databases. All persistent data (templates, preferences, sessions) is stored in Forge Key-Value Storage within your Atlassian data residency region.
2. Data Controller and Processor
For App Users: Your Atlassian organization is the data controller. We act as a data processor, processing data only as necessary to provide the App's functionality per your instructions.
For Website Visitors: We are the data controller for personal data collected through our website (supertemplates.ai).
3. Data We Collect
Data you provide (App Users)
- Task descriptions and prompts you input for AI generation
- Template configurations and saved variables
- Account preferences and app settings
- BYOK API keys (stored encrypted in Forge Secrets)
Data we process from Jira (with your permission)
- Project context: issue type names, priority names, field definitions
- User display names (anonymized before AI processing)
- Sprint names and board structure
Data we never access
- Existing Jira issue content (titles, descriptions, comments, attachments)
- Authentication credentials or API tokens
- Project keys or board names (stripped before AI calls)
- Atlassian account IDs or email addresses
Website visitor data
- Page views, referral sources, and visitor behavior (Google Analytics)
- Company-level identification from IP addresses — not individual visitors (Snitcher)
- No personal data is sold or shared with third parties for advertising
See our Analytics & Cookies page for full details and opt-out options.
4. Legal Basis for Processing (GDPR)
We process personal data based on the following legal grounds:
- Contractual necessity (Art. 6(1)(b) GDPR) — to provide the App's functionality
- Legitimate interest (Art. 6(1)(f) GDPR) — to improve and secure the App, diagnose issues, and analyze usage patterns
- Consent (Art. 6(1)(a) GDPR) — for optional analytics and marketing communications
- Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws
5. How We Protect Your Data
Smart Anonymization
Before any data is sent to AI providers, all personal identifiers are stripped and replaced with anonymous codes. AI providers never see Atlassian account IDs, email addresses, or internal identifiers.
Encryption
All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256 via Atlassian Forge infrastructure. BYOK API keys are stored using Forge Secrets storage with additional encryption.
EU Data Residency
Google Vertex AI regional endpoints (Netherlands, London) provide EU data residency with contractual guarantees. ML processing happens locally in the same region. Default providers (Cerebras, Groq) process data transiently in memory with zero retention.
No-Training Guarantee
All AI providers used by SuperTemplates have no-training policies for API data. Your prompts are not used to train AI models. Your data is not stored beyond the API request lifecycle.
6. Data Retention
We retain data only as long as necessary for the purposes described in this policy.
| Data Type | Retention Period |
|---|---|
| Templates & preferences | Until you delete them or uninstall the App |
| AI generation sessions | Transient — cleared after task creation or session end |
| AI provider data | Zero retention (default providers); see provider terms (BYOK) |
| BYOK API keys | Until admin revokes or App is uninstalled |
| Usage analytics | Aggregated, no personal data retained |
| App data after uninstall | Deleted per Atlassian Forge data retention policies |
7. AI Providers (Sub-processors)
We use the following third-party AI providers. All hold SOC 2 Type II attestation.
| Provider | Type | Data Retention |
|---|---|---|
| Cerebras | AI Included | Zero retention |
| Groq | AI Included | Zero retention |
| Google Vertex AI | AI Included | EU residency available |
| OpenAI | BYOK (admin opt-in) | No training on API data |
| Anthropic | BYOK (admin opt-in) | No training on API data |
| Google Gemini | BYOK (admin opt-in) | No training on API data |
BYOK providers require the site admin to supply their own API key. The App does not hold keys for these providers by default. When using BYOK, the provider's own privacy policy and terms of service apply to your data.
8. Admin Controls
Site administrators can:
- Disable specific AI models from the admin panel
- View per-user AI usage statistics
- Manage BYOK API keys (add, revoke, rotate)
- Disable analytics egress at the site level (app functions normally without analytics)
- Export or delete all app data for their organization
9. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”)
- Restrict processing — limit how we use your data
- Data portability — export your templates and configurations
- Object — opt out of analytics (admin toggle)
- Withdraw consent — revoke consent at any time without affecting prior processing
- Lodge a complaint — with a supervisory authority in your jurisdiction
To exercise any of these rights, contact us at support@supertemplates.ai. We will respond within 30 days.
10. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to know — what personal information we collect, use, or share
- Right to delete — request deletion of your personal information
- Right to opt-out — of the sale of personal information (we do not sell personal data)
- Right to non-discrimination — for exercising your CCPA rights
We do not sell personal information. We do not share personal information for cross-contextual behavioral advertising.
11. International Data Transfers
App data is stored on Atlassian Forge infrastructure within your Atlassian data residency region. AI prompts are sent to third-party providers that may process data outside the EEA.
For EU-only processing, administrators can configure Google Vertex AI with European regional endpoints (Netherlands, London). For other providers, data is processed transiently with zero retention.
12. Children's Privacy
The App is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us at support@supertemplates.ai and we will promptly delete it.
13. Changes to This Policy
We may update this policy when we add new AI providers or features. Material changes will be communicated through the App or via email to site administrators with at least 14 days' advance notice.
Contact
For privacy-related questions or data requests, contact us at support@supertemplates.ai