Privacy Policy

Last updated: February 23, 2026

1. Introduction

This Privacy Policy describes how Andreal Capacity Planning ("the App", "we", "us") handles information when you use our Atlassian Forge application. We are committed to protecting your privacy and being transparent about our practices.

2. Information We Access

The App accesses the following Jira data through Atlassian's Forge platform:

• Project data — project names and keys
• Board data — Scrum board names and IDs
• Sprint data — sprint names, dates, and states
• Issue data — issue keys, summaries, assignees, status, time tracking estimates, and issue types
• User data — display names and avatars of team members assigned to issues

3. How We Use Your Data

All data accessed by the App is used solely to calculate and display sprint capacity planning information. Specifically:

• To calculate each team member's task utilization based on original time estimates or story points
• To display sprint progress (In Progress, Done counts) and risk alerts
• To detect carry-over and adhoc issues for accurate capacity planning
• To enable inline editing of issue estimates and status transitions directly from the App
• To generate capacity reports (PDF/Excel exports) and Gantt chart timelines

4. Data Storage

The App runs entirely on Atlassian Forge infrastructure. We do not operate external servers and do not transmit your data outside of Atlassian's platform.

• Sprint configurations (member hours, leave, buffer settings) are stored using Atlassian Forge Storage, which resides within Atlassian's infrastructure.
• No Jira data (issues, users, projects) is stored or cached by the App beyond the current browser session.
• No data is sent to third-party services, analytics platforms, or external servers.

5. Data Sharing

We do not sell, rent, or share your data with any third parties. Your Jira data is only accessed within your Atlassian instance and is never transmitted externally.

6. Security

The App leverages Atlassian Forge's built-in security features:

• All API calls are authenticated through Forge's runtime (no stored credentials)
• The App runs in Atlassian's sandboxed environment with limited, scoped permissions
• No API tokens or passwords are collected or stored by the App

7. Permissions

The App requests the following Atlassian scopes:

• read:jira-work — Read issues and time tracking data
• read:jira-user — Read assignee display names and avatars
• read:project:jira — Read project names for project selector
• read:board-scope:jira-software — Read Scrum boards linked to projects
• read:sprint:jira-software — Read sprint names, dates, and states
• read:issue:jira-software — Read sprint backlog issues via Agile API
• read:issue-details:jira — Read issue fields (status, estimates, subtasks)
• write:jira-work — Update issue estimates and status transitions from backlog view
• storage:app — Store sprint configuration (member allocation, holidays, buffer) within Forge

Write access is limited to issue updates initiated by the user through the App's inline editing features. The App never modifies data without explicit user action.

8. User Rights

You can:

• Uninstall the App at any time through your Jira administration panel, which removes all stored sprint configurations.
• Review permissions granted to the App via your Atlassian admin settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at: support@andrealtech.com