Privacy Policy for the "Datawall" App
Privacy in the Datawall Atlassian app
- Home
- Privacy Policy for the "Datawall" App
Privacy Policy for the "Datawall" App
Last updated: 14 July 2026
Scope
This privacy policy applies to the "Datawall" app offered by Fragon Studios e.U. via the Atlassian Marketplace for Confluence Cloud and Jira Cloud.
For visits to our website, our general privacy policy additionally applies.
Provider and contact
The provider of the app and the contact for all privacy matters relating to Datawall is:
Fragon Studios e.U.
Moosfelderstraße 45
4030 Linz
Austria
Email: [email protected]
Core principle: no data transfer to Fragon Studios
Datawall runs entirely on the Atlassian Forge platform inside your organization's Atlassian environment (tenant). The app has no server infrastructure of its own outside Atlassian and makes no connections to external services ("zero egress"). Every published version meets the criteria of the Atlassian "Runs on Atlassian" program.
As a result, Fragon Studios never has access to content or personal data from your Confluence or Jira instances. No content data is transferred to Fragon Studios or to third parties.
What data the app processes inside your Atlassian environment
To detect sensitive data, Datawall reads the following content via the Atlassian product interfaces (REST APIs, with app credentials) and processes it transiently in the memory of Forge functions:
- Confluence: titles and bodies of pages, including macro content
- Jira: issue summaries, descriptions, comments, and text custom fields
- Jira: status and field names of the instance
Only the following data is stored persistently - in the Atlassian Forge hosted storage of your installation, never outside it:
- Findings: match type, severity, location, and a masked text snippet - the full detected value is never stored; additionally a SHA-256 checksum of the normalized value and the time of detection
- Attestations: affected scope, decision, Atlassian account ID of the acting administrator, reason, timestamp, and hash-chain checksums
- Scan runs: status and counters (no content)
- Configuration: scan scope, detector settings, and optional report metadata (e.g. organization name, data protection officer contact)
App logs contain neither content nor detected values - only technical identifiers and error codes.
Roles and responsibility
For the content stored in Confluence and Jira, your organization remains the data controller. Processing by Datawall takes place exclusively on Atlassian's infrastructure, which your organization uses under its existing agreements with Atlassian (including the data processing terms contained therein).
Fragon Studios does not process any personal data from your Atlassian environment in the course of the app's use.
Storage location and deletion
All data stored by the app resides in the Atlassian Forge hosted storage of the respective installation. Data residency follows Atlassian's Forge rules (including realm pinning, where configured for your instance).
When the app is uninstalled, the app data is deleted by Atlassian in accordance with the Forge storage lifecycle. Within the app, the attestation log is deliberately append-only and tamper-evident; it contains the Atlassian account ID of the acting administrator as part of the evidence record.
Purchase, licensing, and support
Trials, purchase, and billing are handled by Atlassian via the Atlassian Marketplace; Atlassian's privacy policy applies to these. As part of this process, Atlassian provides us with sales and licensing reports that may contain details about your organization and the contact data of the person you designated. We use this information exclusively for contract administration and support (Art. 6(1)(b) GDPR).
If you contact us by email (e.g. support requests to [email protected]), we process the information you provide in order to handle your request (Art. 6(1)(b) or (f) GDPR). Our general privacy policy additionally applies to email communication.
Note on Atlassian AI settings
Datawall does not read or change any Atlassian settings governing data use for AI training and does not exclude content from AI training. The app documents the decisions your administrators make themselves in Atlassian Administration.
Your rights
Since Fragon Studios does not receive personal data from customer instances, please direct requests concerning content in Confluence or Jira (access, rectification, erasure) to your organization's administrators.
For personal data we process in the context of licensing reports or support communication, you have the rights provided by the GDPR (access, rectification, erasure, restriction, data portability, objection). You also have the right to lodge a complaint with a supervisory authority; in Austria this is the Datenschutzbehörde (dsb.gv.at).
Changes to this privacy policy
We update this privacy policy when the app or the legal framework changes. The version published on this page applies.