Trackly — Privacy Policy
Version 1.0 — to be hosted at https://instapush.org/trackly/privacy as a public HTML page. This Markdown file is the source-of-truth draft; the user publishes the rendered HTML before Phase 9 listing submission.
1. Who we are
This app is built and operated by Instapush, an Estonian legal entity. Contact:
Full legal registration details (Estonian registration number, VAT ID, registered address) are available on request at [email protected] and via Instapush's Atlassian Marketplace Partner profile.
2. What data we access
Trackly is a Jira Cloud time-tracking app built on Atlassian Forge. It accesses only the data needed to provide the time-tracking service, and only while installed on a customer Jira tenant.
2.1 Accessed via Atlassian APIs
- atlassianAccountId (pseudonymous identifier). Stored in Forge Custom Entity Store for as long as the app is installed.
- Jira issue and project metadata (issue key, project key, summary) — used to render the tracker, issue panel, and reports. Issue summaries are not persisted in Trackly storage.
- Worklog data (duration in seconds, start time, description, approval state, user account ID). Stored in Forge Custom Entity Store, mirrored to Jira's native worklog system so customer data remains portable.
- User display name — accessed during manager approval queue render. Cached for 4 hours in tenant-scoped Forge Key-Value Storage to avoid repeated Jira calls. Dropped after cache expiry.
- User email address — present in the GET /rest/api/3/user API response when we resolve display names. Instapush does not retain, cache, or log email addresses. The email is discarded immediately after the response is read.
- Jira user count (a single integer, per tenant). Cached for 1 hour in tenant-scoped KVS. The underlying users/search response bodies are never persisted.
2.2 Collected directly
None. Trackly has no signup flow, no web forms, no remote backend. All data is accessed via Atlassian's runtime.
2.3 Not accessed