Privacy Policy

Effective date: 13 May 2026 Last updated: 13 May 2026

This Privacy Policy describes how the Wheel of Fortune for Jira application (“the App”, “we”, “us”, or “our”) collects, uses, stores, and protects information when you install or use the App on an Atlassian Jira Cloud instance (“Instance”).

The App is distributed through the Atlassian Marketplace and is built on the Atlassian Forge platform. The App runs entirely inside Atlassian’s hosted infrastructure. We do not operate any external backend, database, or analytics service.

1. Who we are

The App is published by an independent Marketplace partner (“Partner”). For all privacy-related questions you can contact us at support@florenco.tech.

2. Scope

This Policy applies only to the Wheel of Fortune for Jira app. It does not apply to Atlassian Jira itself, to other Marketplace apps, or to any third-party services you may use alongside Jira. Your use of Jira is governed by Atlassian’s own Privacy Policy and Cloud Terms of Service.

3. What information the App processes

The App processes the following categories of information strictly to provide its core functionality:

3.1 Jira user directory data

With the read:jira-user and read:user:jira OAuth 2.0 scopes the App reads the user directory of your Instance to let an administrator build a lineup of participants. For each user the App can see:

• accountId (Atlassian account identifier)
• displayName
• avatarUrls
• emailAddress (only when exposed by Jira itself, subject to the user’s Atlassian privacy settings)
• active flag and accountType

This data is fetched on demand when an administrator opens the App’s user-picker. It is not copied to any external location.

3.2 App configuration data

The administrator may save a “lineup” (a wheel configuration) inside the App. The following is persisted in Atlassian-hosted Forge App Storage (storage:app scope), scoped to your Instance:

• The lineup name and description
• The list of participants (either Jira accountIds or free-text custom objects entered by the administrator)
• Selection history and the list of already-chosen participants
• The timestamp of the last spin

We do not persist any other Jira user attributes. Email addresses returned by Jira are used only for in-session display in the picker UI and are not written to App Storage.

3.3 Information we do NOT process

The App does not collect, transmit, or store:

• Jira issue content, project metadata, or attachments
• Audit logs, telemetry, or analytics events
• Passwords, API tokens, or authentication secrets
• IP addresses or device identifiers
• Cookies (the App is a Forge Custom UI page; it does not set cookies of its own)
• Any personal data of end-users beyond the Jira directory fields listed in section 3.1

4. Purpose and legal basis

We process the data described above for the sole purpose of operating the App’s randomization feature on behalf of the Atlassian customer (the “Controller” under GDPR). The legal basis is the contract between the Controller and the Partner, formed when an administrator installs the App, and the Controller’s legitimate interest in providing collaboration tooling to its users.

5. Where data is stored

All persistent App data is stored in Atlassian Forge App Storage, which is hosted on Atlassian Cloud infrastructure. The hosting region is determined by Atlassian for the customer’s Instance. We do not transfer App data outside of Atlassian’s infrastructure.

6. Sub-processors

The App has no sub-processors. We do not share data with any third party. The Forge runtime itself is provided by Atlassian and is the sole infrastructure used by the App.

7. Data retention and deletion

See the separate Data Retention and Deletion page for details. In summary:

• App configuration data is retained while the App remains installed.
• When the App is uninstalled, all data stored in Forge App Storage is deleted by the Atlassian platform.
• We do not retain backups in any external system, because no data ever leaves Atlassian’s infrastructure.

8. Your rights (GDPR, CCPA, and similar laws)

If you are an end-user and want your information removed from the App’s lineup, contact your Jira administrator. The administrator can remove you from any lineup at any time, which deletes the reference to your accountId in App Storage. If you are an administrator and want to exercise data-subject rights on behalf of users in your Instance, you can:

1. Edit or delete the lineup from the App’s UI to remove specific entries, or
2. Uninstall the App, which causes Atlassian to delete all of the App’s stored data, or
3. Contact us at support@florenco.tech for assistance.

We will respond to verified data-subject requests on a best-effort basis and within 30 days where required by applicable law.

9. Security

See the Marketplace Privacy & Security and Partner Security Policy pages for technical and organisational measures. In summary, the App relies on Atlassian Forge for execution, storage, and authentication; it requests only the minimum OAuth scopes necessary; and it does not store secrets.

10. Children’s data

The App is not directed to children under 16 and does not knowingly process information of children. The App only ever sees Jira users that the customer has provisioned in their workplace tenant.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced via the Marketplace listing and reflected in the “Last updated” date above. Continued use of the App after the effective date constitutes acceptance of the revised Policy.

12. Contact

Privacy and security questions: support@florenco.tech.