Privacy Policy
Last updated: April 16, 2026
Overview
CapMap is an Atlassian Forge application that runs entirely within the Atlassian Cloud platform. This privacy policy explains what data CapMap accesses, how it is stored, and your rights regarding that data.
Data Controller
CapMap is operated by Jakub Ďuriga, individual entrepreneur (OSVČ) registered in the Czech Republic, IČO 04286235. CapMap complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Contact: [email protected]
What Data CapMap Accesses
CapMap accesses the following data from your Atlassian Confluence and Jira instances:
- Confluence pages — Titles, content, and metadata of pages used as CapMap issues and versions
- Confluence page properties — Custom properties stored on pages to hold CapMap metadata (issue type, status, links, release assignments)
- Confluence spaces — Space keys and names for organizing CapMap data
- Confluence user information — Display names of users for attribution purposes
- Jira issues — Issue keys and summaries when linking CapMap items to Jira (optional)
How Data Is Stored
- Forge Storage — CapMap stores application settings and API schema definitions using the Atlassian Forge Storage API. This data is hosted by Atlassian within their cloud infrastructure, in the same region as your Atlassian instance.
- Confluence Page Properties — Issue metadata (type, status, links, release) is stored as Confluence page properties attached to the respective pages.
- Confluence Attachments — API schema exports (YAML, XLSX) are stored as attachments on Confluence pages.
CapMap does not:
- Store any data outside of the Atlassian Cloud platform
- Transmit data to any third-party services that CapMap selects or contracts with on your behalf
- Use external databases or storage systems
- Collect analytics or telemetry data
- Use cookies or tracking technologies
Bring Your Own AI (Optional Features)
CapMap supports optional AI-assisted features that require you to configure CapMap with credentials and an endpoint for an AI provider of your own choice (such as Anthropic, OpenAI, Azure OpenAI, or another compatible provider). These features are off by default and only activated when you provide an AI provider configuration.
When you enable and use these features:
- CapMap acts only as a transit intermediary that forwards content (such as specification text) from your Atlassian Cloud Instance directly to the AI provider endpoint you configured, using credentials you supplied.
- CapMap does not select, host, or contract with any AI provider on your behalf.
- Your relationship with the AI provider is governed solely by your separate agreement with that provider, including any applicable international data transfers.
- If you do not configure an AI provider, no AI-assisted features are used and no data is sent outside of the Atlassian Cloud platform.
Data Processing
All data processing occurs within the Atlassian Forge runtime environment. CapMap operates under the Atlassian Forge security model, which means:
- The app runs in a sandboxed environment managed by Atlassian
- Network egress is restricted by Atlassian Forge to a small set of explicitly declared hostnames
- Outside of the optional Bring Your Own AI features described above, no external HTTP requests are made
Data Breach Notification: In the unlikely event of a personal data breach affecting Customer Data, CapMap will notify the affected Customer without undue delay and within 72 hours of becoming aware, in accordance with Article 33 GDPR.
Permissions
CapMap requests the following Atlassian scopes:
| Scope | Purpose |
|---|---|
read:page:confluence / write:page:confluence / delete:page:confluence | Create, read, modify, and delete CapMap issue and version pages in Confluence |
read:content-details:confluence / read:content.metadata:confluence | Access page content details and metadata for diff and version comparison features |
read:confluence-content.all / write:confluence-content | Perform content operations required throughout the CapMap issue lifecycle |
read:space:confluence | List and read Confluence spaces for settings and organization |
read:attachment:confluence / write:confluence-file | Read and attach files to Confluence pages (e.g. API schema exports) |
search:confluence | Find pages by label, title, and other criteria |
read:confluence-user | Display user names and avatars for attribution |
storage:app | Store application settings and metadata in Atlassian Forge storage |
read:jira-work / write:jira-work | Link CapMap items to Jira issues and create related tasks (optional) |
read:jira-user | Display Jira user names for attribution (optional) |
Data Retention
CapMap data persists as long as the associated Confluence pages and Forge storage entries exist. When you:
- Delete a Confluence page — the associated page properties are removed by Confluence automatically
- Uninstall CapMap — Forge Storage data is removed according to Atlassian's data retention policy. Confluence page properties and attachments created by CapMap remain on the pages.
- Use the Purge function — all CapMap metadata, settings, and schema data for a space can be explicitly removed via the Space Settings panel.
Your Rights
As a user of CapMap, you have the right to:
- Access — View all data CapMap stores via the Confluence UI and Space Settings
- Deletion — Remove all CapMap data for a space using the Purge function, or uninstall the app entirely
- Portability — Export API schemas in standard formats (OpenAPI YAML, XLSX)
Exercising Your GDPR Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), and objection (Article 21).
CapMap provides self-service tools for most of these rights. You do not need to contact us to exercise them:
- Right to Access / Portability — All CapMap data is stored as Confluence pages in your Atlassian instance. You can view, export, and copy this data directly via Confluence's built-in export features. CapMap additionally provides OpenAPI YAML and XLSX export for structured API schema data.
- Right to Rectification — You can edit any CapMap issue, feature, or version directly by editing the corresponding Confluence page.
- Right to Erasure ("right to be forgotten") — Use Space Settings → Admin → Purge All CapMap Data to permanently delete all CapMap pages, metadata, and stored configuration for a specific Confluence space. Alternatively, uninstalling CapMap removes all Forge-stored data automatically. Confluence pages created by CapMap can be deleted separately via Confluence's standard page deletion.
- Right to Restriction / Objection — Uninstall CapMap or disable AI-assisted features in Space Settings to stop further processing.
If you need assistance exercising any of these rights, or if the self-service tools are insufficient for your specific situation, contact [email protected]. We will acknowledge receipt promptly and respond within the statutory period (30 days as per GDPR Article 12(3)).
Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of CapMap after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries, contact: [email protected]