Privacy Policy

Last updated: 30 April 2026

1. Introduction

This Privacy Policy describes how Backlog Bridge ("we", "our", "us") collects, uses, and handles information when you use any of our applications published on the Atlassian Marketplace. Backlog Bridge is a brand operated by Anasita, MB, a company registered in Lithuania, European Union.

As an EU-based company, we comply fully with the General Data Protection Regulation (GDPR). We also respect applicable US privacy frameworks, including the California Consumer Privacy Act (CCPA) where applicable.

By installing or using any Backlog Bridge application, you agree to the practices described in this Privacy Policy.

2. What Data We Access

Our applications access data exclusively through the official Jira REST API and the Atlassian Forge platform. Depending on the specific application installed, this may include:

  • Issue data — issue keys, titles, types (Story, Epic, Sub-task), and hierarchy relationships
  • Time tracking fields — original estimates and logged time (worklogs) as stored natively in Jira
  • Project metadata — project keys and names, used to scope calculations to the correct context
  • User display names — shown within the application UI for context; not stored or processed externally

We access only the data strictly necessary to provide the functionality of each application. No data is accessed beyond what the installed application requires.

3. What We Do Not Collect

Backlog Bridge applications do not collect or store any of the following:

  • Passwords, authentication tokens, or credentials of any kind
  • Email addresses or personal contact information
  • Personal data beyond what Jira provides in the API response
  • Behavioral analytics, usage metrics, or tracking data
  • Any data from outside the Jira instance where the application is installed
  • Any data for advertising or marketing purposes

4. Data Storage and Retention

Backlog Bridge applications do not operate an external database or proprietary data store. All computations are performed at runtime within the Atlassian Forge sandbox environment and are not persisted outside of your Jira instance.

All Jira data — including worklogs, estimates, and issue metadata — remains stored exclusively within your Atlassian Jira instance. Uninstalling any Backlog Bridge application does not affect, modify, or delete any data in Jira.

Because we do not store personal data externally, there is no retention period to define — we simply do not retain it.

5. Data Sharing and Third Parties

We do not sell, rent, trade, or share your data with any third parties. Backlog Bridge applications do not integrate with external analytics platforms, advertising networks, or data brokers.

All data processing occurs exclusively within the Atlassian Forge runtime environment, which is governed by Atlassian's own security and privacy standards. For details, refer to the Atlassian Privacy Policy.

6. EU/EEA Users — GDPR Rights

As a company registered and operating within the European Union, we comply fully with the General Data Protection Regulation (GDPR). As a data subject under GDPR, you have the following rights:

  • Right of access — request confirmation of whether we process your personal data and obtain a copy
  • Right to rectification — request correction of inaccurate or incomplete personal data
  • Right to erasure (right to be forgotten) — request deletion of personal data we hold
  • Right to restriction of processing — request that we limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

Because our applications do not store personal data outside of Jira, most of these rights are best exercised directly within your Atlassian Jira instance or via Atlassian's data management tools. To exercise any right or raise a concern, contact us at support@backlogbridge.com.

You also have the right to lodge a complaint with your national data protection authority. In Lithuania, this is the State Data Protection Inspectorate (vdai.lrv.lt).

7. US Users — CCPA and State Privacy Rights

For users located in California or other US states with applicable privacy laws, the following applies:

  • We do not sell personal information as defined under the California Consumer Privacy Act (CCPA)
  • We do not share personal information for cross-context behavioral advertising
  • We do not collect sensitive personal information as defined under CCPA

Because our applications do not store personal data externally, we are unable to fulfil data deletion or portability requests for data we do not hold. Any Jira data you wish to manage should be handled directly within your Atlassian Jira instance.

To submit a privacy request or ask questions about your rights, contact us at support@backlogbridge.com.

8. Security

Our applications are built on the Atlassian Forge platform, which provides a secure, isolated execution environment. All API calls are authenticated via Atlassian's OAuth 2.0 mechanism. We do not handle or store authentication credentials.

We follow the principle of least privilege — each application requests only the minimum Jira API permission scopes required for its specific functionality. No write scopes are requested unless a feature explicitly requires creating or modifying Jira data, in which case this is clearly disclosed in the application listing.

9. Atlassian API Scopes

Each Backlog Bridge application requests only the scopes necessary for its functionality. These are disclosed individually on each application's Atlassian Marketplace listing. As a general principle:

  • read:jira-work — used to read issue data, time tracking fields, and project information
  • Write scopes are only requested when an application feature explicitly requires modifying Jira data, and are always disclosed

10. Children's Privacy

Backlog Bridge applications are professional productivity tools intended for use within business Jira environments. They are not directed at children under the age of 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@backlogbridge.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our applications, legal requirements, or business practices. When we do, the updated version will be published at www.backlogbridge.com with a revised effective date.

For material changes, we will make reasonable efforts to notify users via the Atlassian Marketplace listing or our website. Continued use of any Backlog Bridge application after changes are published constitutes acceptance of the updated Policy.

12. Contact and Data Controller

Backlog Bridge is a brand of Anasita, MB, the data controller for the purposes of GDPR. If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern, please contact us: