Trust & security

Data security and privacy

How RaleyApps add-ons for Jira and Jira Service Management access, process, store, and protect your data — including hosting locations, encryption, and data retention.

Effective 4 November 2022 · Inversion Point OÜ

This statement describes the data access, handling, and storage practices for all Raley add-ons. It applies to every Raley app published by Inversion Point OÜ on the Atlassian Marketplace.

Hosting infrastructure

All cloud-hosted systems run on digitalcloud.com and Amazon AWS servers located in Amsterdam and the USA. Server access is limited to the RaleyApps support team.

  • Data retention after uninstall: user-provided data is retained for up to 60 days, then permanently deleted.
  • Third-party sharing: data is never shared with third parties except as required by law.
  • Encryption: all communication between the app and Jira uses SSL and JWT encryption.
  • Google API compliance: the apps comply with the Google API Services User Data Policy.

Cloud-hosted apps

Raley Email Notifications

Permissions: READ · WRITE · ADMIN · ACCESS_EMAIL_ADDRESSES

What it reads: Jira issues, projects, and versions; user data and email addresses from Jira groups and accounts.

What it stores: configuration data (including SMTP, Slack, or HipChat credentials if configured), backed up for 30+ days. When audit is enabled, it writes a copy of sent notifications as private issue comments. It does not persistently store the details of your Jira issues, projects, or versions.

Gmail OAuth: when configured for Gmail, the app stores Message-ID headers and user name/email to enable email threading.

Raley Intake Forms

Permissions: READ · WRITE · ADMIN

What it does: reads issue and project metadata to build forms, and creates Jira issues and JSM customers from form submissions.

What it stores: it does not store submitted form data. All iframe rendering is HTTPS-protected, communication is secured via SSL and JWT, and configuration is backed up for 30+ days.

Raley Procurement and Quotation

Permissions: READ · WRITE · ADMIN · ACCESS_EMAIL_ADDRESSES

What it stores: workflow statuses, project keys, issue keys, and quantitative PO data (line amounts, summaries). It does not store private user information. Configuration is backed up for 30+ days.

Raley Bookman

Permissions: READ · WRITE · DELETE

What it reads: Jira issues matching configured JQL queries, and JSM Assets workspace information.

What it stores: app-specific booking attributes attached to Jira issues / JSM requests. It does not store private user information, and configuration is backed up for 30+ days.

Server-hosted apps

Raley Notifications (Server)

Permissions: READ · WRITE — issues, attachments, projects, and users on the host Jira server

What it stores: all configuration is stored locally on your Jira server — no data is transmitted to external systems or third parties. RaleyApps does not collect installation data from server instances, and disaster recovery relies on your Jira server's own database backup.

Questions?

For data or privacy questions, contact us at support@raleyapps.com.