This Privacy Policy describes how the Auroright Entra ID <-> Assets Sync app (the App) collects, uses, stores, and protects information when installed in Atlassian products.
1. Who We Are
The App is provided by Auroright.
If you have questions about this Privacy Policy or the App's handling of personal data, you should contact the app provider through the support channel or contact method published with the app listing or installation materials.
2. What The App Does
The App connects a customer's Microsoft Entra ID tenant to Jira Service Management Assets in order to:
- read Microsoft Entra user profile information
- match Microsoft Entra users to Atlassian accounts by email address
- create, update, or inactivate employee records in Jira Service Management Assets
- store configuration and sync state needed to operate the integration
3. Information We Process
Depending on how the App is configured and used, the App may process:
- Microsoft Entra tenant ID
- Microsoft Entra client ID
- Microsoft Entra client secret
- Atlassian account IDs
- Atlassian user email addresses
- Atlassian user account status information
- Microsoft Entra user IDs
- Microsoft Entra user names and display names
- Microsoft Entra email addresses and user principal names
- Microsoft Entra department values
- Microsoft Entra job title values
- Microsoft Entra account enabled or disabled status
- Microsoft Entra manager information, including manager name and email or user principal name
- Jira Service Management Assets object data created or updated by the App
- sync history, diagnostics, and operational metadata
The App is not intended to collect payment card information, special category personal data, or personal data unrelated to the sync functionality.
4. How We Use Information
We use the information processed by the App to:
- authenticate the App against Microsoft Entra
- verify the configured Microsoft Graph connection
- read Microsoft Entra directory data required for the integration
- match Microsoft Entra users to Atlassian users
- create and maintain employee records in Jira Service Management Assets
- support preview, manual sync, and scheduled sync features
- troubleshoot, monitor, and improve the reliability of the App
- maintain sync status, run history, and checkpoint state for resumable processing
We do not use customer data from the App for advertising.
5. Where Information Comes From
The App receives information from:
- administrators who configure the App
- the Atlassian site where the App is installed
- Microsoft Entra and Microsoft Graph, based on the permissions granted by the customer
6. Storage And Retention
The App uses Atlassian Forge hosted storage and secret storage.
The App stores the following categories of data in Forge-hosted storage:
- app configuration values such as tenant ID, client ID, and sync interval
- the Microsoft Entra client secret in Forge Secret Store
- sync state
- sync history
- resumable checkpoint information
- cached Microsoft Entra directory metadata used to improve sync performance
- cached Jira Service Management Assets snapshot metadata used to improve sync performance
The App also writes and updates data in the customer's Jira Service Management Assets instance.
Data is retained for as long as necessary to operate the App, support the sync process, maintain recent sync history, and provide operational resiliency, unless the customer removes the App or deletes the relevant data from Atlassian or Microsoft systems.
7. Logging And Diagnostics
The App may generate operational logs and diagnostic records, including:
- sync start and completion events
- preview summaries
- counts of matched and unmatched users
- warning and error messages
- retry and throttling events
- write failure summaries
These logs are used for troubleshooting, reliability, and support. Logs are not intended to store full directory exports.
8. Data Sharing
The App processes data through the following platforms and services:
- Atlassian Forge
- Jira Service Management Assets
- Microsoft Entra ID
- Microsoft Graph
The App does not sell customer personal data.
The App does not share customer data with unrelated third parties except where required to operate the App, comply with law, enforce rights, or protect security.
9. International Processing
Because the App uses cloud infrastructure provided by Atlassian and interacts with Microsoft cloud services, customer data may be processed in jurisdictions where those providers operate infrastructure, subject to the providers' applicable security and data handling commitments.
10. Security
We take reasonable steps to protect data processed by the App, including:
- using Atlassian Forge hosted storage and secret storage
- storing the Microsoft client secret in Forge Secret Store
- limiting processing to the data needed for the App's functionality
- using Microsoft Graph permissions required for the integration
- relying on Atlassian and Microsoft platform security controls for transmission and hosted execution
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Customer Responsibilities
Customers are responsible for:
- configuring the App lawfully
- obtaining any required internal permissions or notices
- granting Microsoft Graph permissions appropriate to their intended use
- reviewing what data is synchronized into Jira Service Management Assets
- managing access within Atlassian and Microsoft environments
12. Children
The App is not directed to children and is intended for business and administrative use.
13. Changes To This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the date at the top of this document and may provide additional notice where appropriate.
14. Contact
For privacy questions, support requests, or data-related inquiries concerning the App, please use the support or contact information published for the app provider.