Privacy Policy
Last updated: December 3, 2025
Summary: Jira IQ accesses your Jira data only to provide its features. We don't sell your data, don't track you across the web, and don't store your Jira content on our servers.
1. Information We Collect
1.1 Jira Data (via OAuth)
When you connect Jira IQ to your Atlassian account, we access:
- Issue details (title, description, status, comments, changelog)
- Sprint and board information
- Project metadata
- User display names and avatars (for team features)
This data is processed in your browser and is not stored on our servers. OAuth tokens are stored securely in Chrome's encrypted storage.
1.2 AI Processing
When you use AI features (summaries, Q&A, duplicate detection), your issue content is sent to Google's Gemini API for processing. Google processes this data according to their privacy policy. We use Gemini's API with no data retention enabled.
1.3 Payment Information
If you upgrade to Pro, payment processing is handled entirely by Stripe. We never see or store your credit card details. We receive only:
- Your email address (for account identification)
- Subscription status (active/cancelled)
- Stripe customer ID (for billing management)
1.4 Analytics
We collect anonymous usage analytics to improve the product:
- Feature usage counts (which features are used, not the content)
- Error rates and types
- Extension version and browser type
We use Google Analytics with IP anonymization enabled. We do not track individual user behavior or create advertising profiles.
2. How We Use Your Information
We use collected information solely to:
- Provide Jira IQ's features (timeline, summaries, predictions, etc.)
- Process your subscription payments
- Improve the product based on aggregate usage patterns
- Send critical service notifications (e.g., subscription status changes)
3. Data Storage
3.1 Local Storage
Most data is stored locally in your browser using Chrome's storage APIs:
- Your settings and preferences
- Cached AI summaries (to reduce API calls)
- License and subscription status
- OAuth tokens (encrypted)
3.2 Server Storage
Our servers (hosted on Vercel) store only:
- Subscription status linked to email address
- Aggregate usage counts for rate limiting
We do not store your Jira issues, comments, or any project content on our servers.
4. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:
- Atlassian - For OAuth authentication (you authorize this directly)
- Google (Gemini API) - For AI processing (content only, not stored)
- Stripe - For payment processing
- Vercel - For hosting our backend services
5. Data Security
We implement security measures including:
- OAuth 2.0 with PKCE for Atlassian authentication
- HTTPS encryption for all API communications
- Secure token storage using Chrome's encrypted storage
- No server-side storage of sensitive Jira content
6. Your Rights
You can:
- Access your data - View all locally stored data in Chrome's developer tools
- Delete your data - Uninstalling the extension removes all local data; email us to delete server-side data
- Revoke access - Disconnect from Jira in the extension settings or revoke access in your Atlassian account settings
- Export your data - Contact us for a copy of any data we store about you
7. Children's Privacy
Jira IQ is not intended for children under 13. We do not knowingly collect information from children.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via the extension or email (if you're a subscriber).
9. Contact Us
For privacy questions or data requests, contact us at:
10. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information we collect
- Right to request deletion of personal information
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to non-discrimination for exercising privacy rights
11. European Privacy Rights (GDPR)
If you're in the EU/EEA, you have rights under GDPR including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
Our legal basis for processing is:
- Contract - To provide the service you signed up for
- Legitimate interest - For analytics and service improvement
- Consent - For optional features you enable