Privacy Policy

How AI Mention Triage collects, sanitises, processes, and stores data. Written in plain English. Aligned with the Australian Privacy Act 1988, GDPR, and Atlassian Marketplace requirements.

Last updated: April 2026

Section 1

What is AI Mention Triage?

AI Mention Triage is an Atlassian Forge app built by Sivect. It monitors @mentions in Jira, Jira Service Management, and Confluence comments, classifies them using AI, and displays them in a personal priority inbox inside Jira. The app runs entirely inside Atlassian's Forge platform.

Section 2

What data we collect

We collect the following data when you use AI Mention Triage.

What we collect

  • Atlassian user account IDs: to identify which inbox belongs to which user
  • Comment text from Jira, Confluence, and Jira Service Management: only comments that @mention you, limited to 800 characters
  • Issue metadata: issue key, title, type, priority, and status, to provide context in your inbox
  • Your app preferences: sort order, view mode, muted projects, muted authors, dashboard configuration

What we do not collect

  • Email addresses
  • Passwords
  • Payment information
  • Location data
  • Any data from outside your Atlassian instance

Section 3

How we process your data before AI

Before any comment text is sent to our AI provider, it passes through a multi-layer PII sanitisation pipeline that detects and replaces:

Detected | Replaced with
Email addresses | [EMAIL]
Phone numbers | [PHONE]
API keys and authentication tokens | [SECRET]
IP addresses | [IP_ADDRESS]
Internal hostnames | [HOST]
Atlassian account IDs | [USER]
Customer and company names | [CUSTOMER]
HR and legal sensitive terms (salary, NDA, PIP, termination) | [SENSITIVE]
Personal name signatures | [NAME]
Credit card numbers | [CREDIT_CARD]

The AI never receives raw user data. Only the sanitised text and basic issue metadata (title, type, priority, status) are sent.

Section 4

Where your data is stored

All data is stored exclusively in Atlassian Forge Storage, Atlassian's own encrypted key-value store. There is no external database, and Sivect manages no servers outside Atlassian's infrastructure.

Your action items (comment text + classification) | Forge Storage, isolated by your account ID
Your preferences | Forge Storage, isolated by your account ID
Admin configuration | Forge Storage, shared within your Atlassian instance

Section 5

AI Processing — How It Works

AI Mention Triage uses Atlassian Forge AI for classification. Forge AI is Atlassian's in-platform LLM service — inference runs on Atlassian's own infrastructure, under Atlassian's Cloud Trust controls (SOC 2 Type II, ISO 27001/27018, GDPR). Sanitised text is processed inside the Atlassian platform and is never transmitted to a third-party AI provider. Before classification, the text passes through a multi-layer PII sanitisation pipeline — no raw user data, account IDs, names, emails, or identifiable information is ever included in the AI request.

What is sent to Forge AI: sanitised comment text with all PII replaced by typed tokens, plus basic issue metadata (title, type, priority, status — no user data).

What is never sent to Forge AI: raw comment text, Atlassian account IDs, email addresses, phone numbers, API keys, customer names, or any other identifiable information.

Comment text does not leave your Atlassian instance — Forge AI inference runs inside Atlassian's platform. Sanitised inference input is not retained by the model and is not used to train any model.

Sent to Forge AI

  • Sanitised comment text
  • Issue title
  • Issue type
  • Issue priority
  • Issue status

Never sent to Forge AI

  • Raw comment text
  • User account IDs
  • Email addresses
  • Any other identifiable information

Atlassian Forge AI does not train on customer inference data. For Atlassian's data handling commitments, visit atlassian.com/trust/privacy.

Section 6

Data retention

Active action items | Retained until you resolve them
Resolved items | Deleted after a 10-second undo window
Items older than 60 days | Automatically evicted
Your preferences | Retained until you reset them or uninstall the app

Section 7

Your rights

You have the right to:

  • Access the data we hold about you
  • Request deletion of your data
  • Reset your preferences and inbox at any time from within the app (Settings → Data & Storage → Clear All)
  • Uninstall the app, which removes all associated data from Forge Storage

To exercise any of these rights, contact us at [email protected].

Section 8

Security

  • All data is encrypted at rest by Atlassian Forge Storage automatically
  • All data in transit uses HTTPS/TLS enforced by the Forge platform
  • AI inference uses Atlassian Forge AI — no external AI provider credentials are held by the app, and no API keys are exposed to users or written to logs
  • Logs are sanitised to remove PII before writing
  • User data is strictly isolated by account ID — no user can access another user's data

Section 10

Changes to this policy

We will notify users of material changes to this policy via the app interface. Continued use of the app after changes constitutes acceptance.

Have a question this policy doesn't answer? We're happy to talk to your security or compliance team directly.