Data Privacy Policy
Version 2.1.0
Last Updated: March 31, 2026
Encryption Standard
All persistent configuration is secured using Atlassian's Forge Storage with 256-bit AES encryption at rest.
No External App Database
Smartif.ai does not operate a separate external database for Refinely. Relevant prompt content is processed only when sent to the configured AI provider for a user-initiated workflow.
1. Introduction
Smartif.ai ("the Company," "we," "us," or "our") provides **Refinely**, an Atlassian Forge application ("the App") designed to automate and enhance Jira backlog refinement through artificial intelligence.
This Privacy Policy describes how Refinely operates as a Forge-native orchestration layer, with persistent app state stored in Forge and third-party AI processing occurring only when needed to fulfill a user request.
2. Data Access & Ingestion
Refinely utilizes the Atlassian Forge runtime to access Jira data via established OAuth 2.0 scopes. We only ingest data that is explicitly required for the refinement process:
Project Context
Issue summaries, descriptions, and custom fields metadata necessary for AI grounding.
User Identity
Basic Atlassian Account IDs and display names for audit logging within your instance.
Interaction History
Configuration settings and refinement preferences stored in Forge Storage.
3. Third-Party AI Processing & Egress
To provide refinement logic, Refinely orchestrates the secure transmission of issue context to supported LLM providers (Google Gemini, OpenAI, and Anthropic). **This process involves data egress from the Atlassian Cloud perimeter to the API endpoint of your chosen provider.**
BYOK Architecture & Data Sovereignty
"Under our Bring Your Own Key (BYOK) model, the relationship between the data and the AI provider is governed by YOUR enterprise agreement with that provider."
Expanded Safeguard: PII Masking
For applicable expanded-package workspaces, Refinely can apply a local masking layer to redact supported sensitive identifiers from outbound prompt content. This safeguard is not part of the Standard Marketplace tier.
Orchestration & Storage
Smartif.ai does not store individual prompt logs in a separate external app database. Generation state and session history are persisted in your encrypted Atlassian Forge storage environment. Transmission occurs over encrypted TLS tunnels.
4. Security & Infrastructure
Smartif.ai leverages Atlassian’s Forge infrastructure to provide a secure refinement environment. Our security model includes:
- **Data Encryption:** All data is encrypted using industry-standard AES-256 both at rest and in transit (TLS 1.2+).
- **Isolation:** Each tenant's data is logically separated within the Atlassian Forge environment.
- **Authentication:** Secure OAuth 2.0 flows ensure only authorized users access your Jira instance.
5. Data Sovereignty & Retention
Refinely adheres to the **Principle of Least Persistence**.
- **Requirement Data:** Not persisted in a separate Smartif.ai app database. It resides in your Jira instance, Forge storage, and any configured third-party provider you choose to use for processing.
- **Session History:** Persisted in Atlassian Forge Storage (isolated per installation) until deleted by a user or the App is uninstalled.
- **Work Instruction Indexes:** Stored as vector embeddings in Forge Storage to enable context-aware generation.
- **Configuration:** Persisted in Forge Storage until the App is uninstalled or reset by an Administrator.
6. Regulatory Compliance & Individual Rights
As a data processor operating within the Atlassian Cloud, we support your compliance with global regulations:
- **GDPR/CCPA:** We facilitate data access and deletion requests through Forge-hosted storage and documented provider disclosures.
- **Data Portability:** Your requirements data remains in Jira, ensuring you maintain full portability.
7. Contact & Legal Inquiries
For security questionnaires, DPA requests, or technical inquiries regarding our data handling practices, please contact support.
Contact support