FirstTry Trust Center v4.4.2
Pack v4.4.2Rev 4.4.2OwnerFirstTry SolutionsLast Updated2026-02-26ReviewAnnualDoc IDFT-TRUST-004

Privacy Policy

1. Overview

FirstTry is an Atlassian Forge application that reads Jira governance data and stores compliance snapshots in Atlassian's Forge Storage. This policy describes how FirstTry handles user data.

2. Data Collection

Data collected:

  • User names, email addresses, Jira user IDs (via GET /rest/api/3/myself and GET /rest/api/3/permissions)
  • Project metadata (names, leads, keys)
  • Permission and role assignments

Data NOT collected:

  • Jira issue content, comments, attachments
  • Jira user profile details beyond role/permission context
  • External collaboration data
  • API rate limit metrics (platform telemetry only)

3. Data Storage

Where: Atlassian Forge Storage (encrypted at rest by Atlassian)

Duration:

  • Default: 90 days per snapshot retention policy
  • Configurable by Jira admin via uninstall or manual deletion

Deletion: See UNINSTALL_DELETION.md

4. Data Usage

Primary use: Generating compliance evidence and governance reports visible to Jira administrators.

Secondary uses:

  • Audit trail (ledger) for forensic review
  • Export archive creation
  • Dashboard metrics display

No secondary uses:

  • No AI training or model development
  • No third-party analytics integration
  • No behavior-based profiling or targeting
  • No selling or licensing of data

5. Data Sharing

FirstTry shares data with:

  • Jira admin: Via dashboard gadget and export downloads
  • Atlassian platform: KV store encryption and backups (platform-managed)

FirstTry does NOT share data with:

  • External services or APIs (zero egress)
  • Third-party analytics providers
  • FirstTry SaaS backend (no FirstTry-owned services)
  • Competitors or partners

6. User Rights (GDPR/CPRA Context)

Right to Access

Users can request access to their personal data by asking the Jira admin to export compliance evidence (ZIP archive contains user IDs, names, emails).

Right to Deletion

Users can request deletion via Jira admin:

  1. Admin uninstalls FirstTry app
  2. Request submitted to Jira admin or Atlassian support
  3. Deletion processed within 30 days (see UNINSTALL_DELETION.md)

Right to Portability

Jira admin can export all data as ZIP archive (portable, machine-readable format).

Right to Object

Users can request non-processing of their data (opt-out):

  • Not feasible: FirstTry requires user permission data for governance function
  • Alternative: Jira admin can uninstall app (full data deletion)

7. International Transfers

Data residency: Determined by customer's Jira Cloud region selection.

8. Security

See SECURITY_OVERVIEW.md for encryption, access control, and authentication details.

9. Contact

Privacy inquiries: privacy@firsttry.run or see SECURITY_CONTACT.md

10. Changes to This Policy

We will:

  1. Update this document for material changes
  2. Commit updates to git with notice
  3. Notify customers via release notes (CHANGELOG.md)

References