Privacy Policy & Terms of Use
How we handle your data and the terms governing the use of Votazz products.
Product Privacy Notices
For per-app privacy details, see the standalone notices below. The rest of this page covers shared rights, retention, contact, and the Data Processing Agreement.
- Diagrams.now — Visual diagrams for Confluence (Forge App)
- DaySignal — Sprint Health, Velocity, Blockers for Jira (Forge App) — see §12.2 below
- Connect & Data Center Apps — see §12.1 below
Privacy Policy
Last updated: May 2026
Votazz Software (“Votazz”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our website (votazz.co), our Atlassian Marketplace apps for Jira and Bitbucket, and our support services.
1. Information We Collect
Personal Information: Name, email address, company name, and job title when you contact support, request a trial, or fill out forms on our website.
App Configuration Data: Settings you configure within our Atlassian apps (e.g., webhook URLs, notification preferences, filter rules). This data is stored within your Atlassian instance and only accessed by us when you explicitly request support.
Atlassian Marketplace Data: When you install our apps, Atlassian Marketplace shares your contact email and license information with us as the vendor. The extent to which an individual app accesses content from your Atlassian instance (issues, comments, sprint data, etc.) depends on the permissions declared in that app’s manifest and varies per product. Per-app data processing details are described in Section 12 below.
Usage and Analytics Data: Anonymized usage data such as which features are used most, error reports, and performance metrics. This helps us improve our products.
Website Analytics: When you visit votazz.co, we collect information via cookies and tracking technologies including IP address, browser type, pages visited, time on site, and referring URL.
2. How We Use Your Information
- To provide, maintain, and improve our products and services
- To respond to support requests and customer inquiries
- To send important updates about our products (security patches, version changes)
- To analyze website usage and improve user experience
- To comply with legal obligations
- To detect, prevent, and address technical issues or security incidents
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Third-Party Services
We use the following third-party services to operate our website and business:
- Google Analytics & Google Tag Manager — website usage analytics
- Atlassian Marketplace — license management and customer information
- Email service providers — to deliver support responses and product updates
Each third-party service has its own privacy policy. We recommend reviewing them.
4. Cookies & Tracking
Our website uses two types of cookies:
- Essential cookies — necessary for the website to function (session management, security)
- Analytics cookies — Google Analytics cookies to understand how visitors use our site
You can control or disable cookies through your browser settings. Disabling essential cookies may affect website functionality.
5. Data Retention
- Support emails: retained for as long as needed to provide ongoing support, then archived for up to 3 years for reference
- App configuration and runtime data: for Connect and Data Center apps, configuration is stored within your Atlassian instance and is removed when you uninstall the app. For Forge apps, configuration and any cached operational data are stored in Atlassian-managed cloud storage region-pinned to your Atlassian site; on uninstall, the Forge platform automatically places this data in soft-delete for 30 days and then purges it permanently. Per-app retention details are listed in Section 12.
- Application logs: retained for a maximum of 30 days for troubleshooting
- Analytics data: retained per Google Analytics defaults (currently 14 months)
- License records: retained as required by Atlassian Marketplace and tax law
6. Data Storage & Security
All data is stored securely with industry-standard encryption (TLS in transit, AES-256 at rest where applicable). We participate in the Atlassian Marketplace Security Bug Bounty Program.
While we follow industry best practices, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. International Data Transfers
Votazz operates internationally. Your information may be transferred to and processed in countries other than your own (including Australia, the United States, and the European Union). When transferring data internationally, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) where required by GDPR.
8. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
- Right to Access: request a copy of the personal data we hold about you
- Right to Rectification: request correction of inaccurate or incomplete data
- Right to Erasure (“Right to be Forgotten”): request deletion of your personal data
- Right to Restriction: request that we limit processing of your data
- Right to Data Portability: request your data in a portable format
- Right to Object: object to processing based on legitimate interests
- Right to Withdraw Consent: withdraw consent at any time where we rely on consent
To exercise any of these rights, contact us at support@votazz.co. We will respond within 30 days.
9. Children’s Privacy
Votazz products are intended for business use. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us so we can take steps to remove it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions or to exercise your rights, contact us at:
Email: support@votazz.co
Address: Votazz Software, 1420 5th Ave, Suite 2200, Seattle, WA 98101, USA
12. App-Specific Data Processing
This section provides per-product detail. The general policy above applies to every app we publish; the differences below reflect each product’s architecture (Atlassian Connect, Data Center, or Forge).
12.1 Connect & Data Center Apps
The following apps run inside the customer’s Atlassian instance (Connect) or on customer-managed infrastructure (Data Center). They do not copy Jira or Bitbucket content into Votazz-operated systems; configuration is stored within the customer’s Atlassian instance or in app-specific encrypted storage as documented per product:
- Filter & Dashboard Manager for Jira
- Threaded Comments for Jira
- Sub-tasks Manager for Jira
- Release Manager for Jira
- Home Directory, Database & Log File Browser for Jira
- Advanced Microsoft Teams Connector for Bitbucket
- GitLab Connector for Jira
- Google Chat integration for Bitbucket
- Jenkins and Azure DevOps Post Webhooks for Bitbucket
- Slack notifications for Bitbucket
12.2 DaySignal — Sprint Health, Velocity, Blockers for Jira (Forge App)
DaySignal is built on Atlassian Forge. All app code, compute, and customer data run inside Atlassian’s hosted Cloud platform with no external egress. DaySignal is “Runs on Atlassian” eligible — verified via the Forge eligibility CLI. The manifest declares no external permissions, no web triggers, and no remote endpoints.
Permissions (Atlassian scopes declared in the Forge manifest):
| Scope | Purpose |
|---|---|
read:jira-work | Read issues, comments, statuses, custom fields, projects |
read:jira-user | Read user profile data (display name, accountId, timezone) |
read:sprint:jira-software | Read sprint name, state, dates, issue membership |
read:board-scope:jira-software | Read board configuration for sprint discovery |
read:issue:jira-software | Read agile-specific issue fields (sprint links, story points) |
send:notification:jira | Deliver digest emails via the Atlassian Notify API |
DaySignal does not request any write scopes; it never modifies your Jira issues.
What we store (Atlassian-managed Forge SQL on TiDB, 11 tables):
| Table | Stores | Retention |
|---|---|---|
user_settings | accountId, displayName, timezone, delivery hour, daily-days bitmap, project filters, blocker threshold, scope preferences, planning_checks_enabled. No email column. | While installed |
daily_changes | Issue activity events: issue_key, summary (max 500 chars), project_key, assignee, reporter, mentioned_ids, comments, blocking_links, status, priority, due_date, story_points | 9 days |
tracked_issues | Issue state cache: key, summary (max 500 chars), status, priority, assignee, sprint, blocking_links, story_points, closed_at | 90 days closed / 30 days legacy |
pending_mentions | mentioning user, issue_key, comment_id, comment_text (truncated to 500 chars), mentioned_at, acknowledged_at | 14 days acknowledged / 30 days unacknowledged |
digest_log | accountId, digest_date, digest_type, status — for de-duplication and rate limiting | 30 days |
trigger_runs | Cron observability: counts only (issues_collected, emails_sent), no PII | 9 days |
user_project_access | accountId, project_key, checked_at — ACL filter cache | 7 days inactivity |
sprints | Sprint master: sprint_id, name, state, dates, board_id, goal | While installed |
project_velocity | project_key, period_end, velocity_value, sprint_count_in_window | While installed |
project_sprint_marker | Sprint discovery cursors per project | While installed |
app_cache | Generic key/value cache (onboarding state flag, Sprint custom field ID, etc.) | TTL per entry |
What we do NOT store:
- Email addresses — DaySignal does not retain user email addresses. Digest delivery uses the Atlassian Notify API, which resolves the email from accountId server-side at send time.
- Issue body or description full text (summaries are truncated to 500 characters)
- Attachment files
- Source code or repository contents
- Cross-tenant data — each Atlassian site’s installation is isolated by Forge
- Payment information — handled by the Atlassian Marketplace
Where data lives: Atlassian-managed Forge SQL (TiDB), region-pinned to your Atlassian site’s region — Atlassian’s choice based on your tenancy. There is no data egress from Atlassian Cloud to Votazz-operated infrastructure or any third party. See Atlassian’s Forge tenant data isolation documentation for the platform isolation model.
Subprocessors: None outside Atlassian. DaySignal does not transmit data to external analytics, monitoring, or any third-party service. There is no Mixpanel, PostHog, Google Analytics, Sentry, or similar integration. All compute, storage, and email delivery stay inside Atlassian Cloud.
Data deletion: When you uninstall DaySignal, the Atlassian Forge platform automatically places your tenant’s data in soft-delete for 30 days, after which it is permanently purged. While the app is installed, you may email support@votazz.co to request immediate erasure of your personal data; we will remove your accountId-keyed records from the DaySignal database and stop delivering digests to you.
Your rights: The GDPR and CCPA rights described in Section 8 apply to data processed by DaySignal. The “Right to Erasure” while the app is installed means your accountId-keyed records are removed from the DaySignal database and digest delivery stops. After uninstall, the data follows the platform 30-day soft-delete behavior described above.
13. Data Processing Agreement (DPA)
This section constitutes the Data Processing Agreement between Votazz Software (“Processor”) and the Customer (“Controller”) for any of our apps that process Personal Data on the Customer’s behalf, including DaySignal, Filter & Dashboard Manager, Threaded Comments, and others. By installing and using our apps, the Customer accepts the terms of this DPA.
13.1 Scope of Processing
We process Personal Data only on documented instructions from the Customer, which are reflected in:
- Our app’s stated functionality and Atlassian Marketplace listing
- The Customer’s app configuration (settings, project filters, delivery times)
- The Atlassian permission scopes the Customer authorizes during installation
The categories of Personal Data, processing purposes, and retention periods are documented in Sections 1, 5, and 12 of this Privacy Policy.
13.2 Sub-processors
We use only the following sub-processor:
- Atlassian Pty Ltd (Forge platform, Forge SQL storage, Notify API for email delivery, all authentication and licensing) — governed by Atlassian’s own DPA at https://www.atlassian.com/legal/data-processing-addendum
We will notify Customers in advance of any change to this sub-processor list. Customers may object to new sub-processors by contacting support@votazz.co.
13.3 Confidentiality
All personnel authorized to process Personal Data are bound by written confidentiality obligations.
13.4 Security
We implement technical and organizational measures commensurate with the risk of processing, including encryption in transit (TLS) and at rest (AES-256 where applicable through the Forge platform), access controls, and audit logging within Atlassian-managed infrastructure. See Section 6 for details.
13.5 Data Subject Rights
We assist the Customer (Controller) in fulfilling Data Subject Rights requests (access, rectification, erasure, restriction, portability, objection, and withdrawal of consent) through technical means available within the Forge platform, including immediate data deletion upon request via support@votazz.co and complete tenant data purge via the Forge uninstall lifecycle.
13.6 Personal Data Breach Notification
We will notify the Customer without undue delay (and in any event within 72 hours of becoming aware) of any Personal Data Breach affecting the Customer’s data. Notice will be sent to the Customer’s Atlassian contact email and to support@votazz.co for follow-up.
13.7 Audits
The Customer may request reasonable information necessary to demonstrate compliance with this DPA by contacting support@votazz.co. Audit obligations are otherwise satisfied by relying on Atlassian’s certifications (SOC 2, ISO 27001) for the underlying infrastructure.
13.8 Return or Deletion of Data
Upon termination or uninstallation, all Personal Data is purged via the Forge platform’s standard data lifecycle (soft-delete within 30 days, then permanent erasure). Customers may request immediate erasure by contacting support@votazz.co.
13.9 International Transfers
Where Personal Data is transferred internationally, the transfer relies on Atlassian’s region-pinning of the Forge platform and Atlassian’s own international transfer mechanisms, including Standard Contractual Clauses (SCCs) where applicable.
13.10 Liability and Limitation
Our liability under this DPA is subject to the Limitation of Liability set out in our Terms of Use (Section 6 below).
13.11 Effective Date and Governing Law
This DPA is effective as of the date the Customer installs any of our apps. It is governed by the same law as the Atlassian Marketplace Customer Agreement and supplements that agreement with respect to data processing.
13.12 Contact
For DPA-related questions, sub-processor objections, or to exercise audit rights, contact us at support@votazz.co.
Terms of Use
1. Acceptance of Terms
By accessing or using Votazz products and services, you agree to be bound by these Terms of Use. If you do not agree to these terms, please do not use our services.
2. License
Use of Votazz apps is governed by the End User License Agreement available on the Atlassian Marketplace. Each app is licensed per user tier as published on its Marketplace listing.
3. Support & Maintenance
Active subscriptions include email support and updates. Support hours are Monday – Friday, 9am – 5pm AEST/AEDT.
4. Refunds
All purchases are subject to the Atlassian Marketplace refund policy. New purchases include a 30-day money-back guarantee.
5. Acceptable Use
You agree not to use Votazz products for any unlawful purpose, to violate any third-party rights, or to attempt to gain unauthorized access to any systems or networks.
6. Limitation of Liability
Votazz products are provided “as is” without warranty of any kind. We are not liable for any indirect, incidental, or consequential damages arising from the use of our products. Our total liability shall not exceed the amount paid for the product in the 12 months preceding the claim.
7. Contact
For questions about these terms, contact us at support@votazz.co.