Legal

Privacy Policy

Last updated: 16 June 2026. This policy applies to the ProcessLayer website and ProcessLayer marketplace apps, including Definition of Ready AI for Jira.

1. Overview

ProcessLayer is a South African-based software business that builds marketplace apps for business platforms. This Privacy Policy explains how ProcessLayer collects, uses, stores, shares, and protects personal information and customer content when you visit our website or use our products.

For customer content processed inside a customer-controlled Atlassian site, the customer is generally the controller or responsible party, and ProcessLayer acts as a processor or operator. For website visits, account administration, support, billing operations, and direct communications, ProcessLayer may act as the controller or responsible party.

2. Data processed by Definition of Ready AI for Jira

The app may process Jira issue data needed to provide readiness analysis, including issue summary, description, comments, labels, components, status, priority, linked issue metadata, attachment metadata, project configuration, user display information, and app usage context.

The app is intended to process only the Jira data required for issue readiness analysis, generated clarifying questions, QA checklists, and approved Jira write-back actions.

3. Data stored

The app may store account and installation records, Atlassian cloud site identifiers, license snapshots, entitlement state, project-level readiness settings, generation logs, readiness reports, usage events, audit logs, support records, and configuration data in the ProcessLayer backend.

Atlassian Forge storage may be used for app configuration or short-lived cache where appropriate. ProcessLayer does not use Forge frontend code to store AI provider API keys.

4. Data not collected in v1

The app does not access source code, clone repositories, inspect branches, access pull requests, or require repository permissions. ProcessLayer does not sell customer data and does not use customer content to train ProcessLayer-owned AI models.

5. Purposes of processing

  • Provide Jira issue readiness analysis and generated work-order drafts
  • Operate licensing, entitlement, quota, and abuse-prevention controls
  • Maintain project configuration, audit logs, and support diagnostics
  • Respond to support, privacy, security, and deletion requests
  • Protect the service, investigate incidents, and comply with legal obligations

6. External AI providers

When AI generation is configured, selected Jira issue text and relevant project settings may be sent from the ProcessLayer backend to an AI provider to generate readiness reports, clarifying questions, QA checklists, and work orders. ProcessLayer does not expose AI provider API keys to Forge, Jira, or browser code.

Generated outputs can be inaccurate or incomplete and should be reviewed by a human before being used or written back to Jira.

7. Website data

The website may process basic technical data such as IP address, browser type, device information, pages visited, security logs, and contact information submitted through email or forms if enabled. ProcessLayer does not currently publish third-party advertising on the website.

8. Legal bases and regional privacy rights

Where South Africa's Protection of Personal Information Act, 2013 (POPIA) applies, ProcessLayer processes personal information on grounds such as contract performance, consent where required, legal obligations, legitimate interests, and customer instructions. Where GDPR or similar laws apply, equivalent legal bases may include contract performance, legitimate interests, consent, and legal obligations.

Depending on applicable law, individuals may have rights to access, correction, deletion, objection, restriction, portability, and complaint to a regulator. To exercise privacy rights, contact support@processlayer.co. South African data subjects may also contact the Information Regulator of South Africa.

9. International transfers

ProcessLayer may use infrastructure, support systems, and AI providers located outside South Africa or outside a customer's country. Where required, ProcessLayer relies on customer instructions, appropriate contractual commitments, provider safeguards, and other lawful transfer mechanisms.

10. Data retention

App data is retained only as long as needed to provide the service, maintain auditability, troubleshoot issues, comply with legal obligations, support customer requests, or protect the service. Backups and security logs may persist for a limited period after deletion from active systems.

11. Data deletion

Customers may request deletion by contacting support@processlayer.co. Deletion requests should include the Atlassian cloud site URL, organization name, requester name, and the scope of data to delete.

Content that approved users wrote back into Jira, such as comments or subtasks, remains in the customer Atlassian site and must be managed by the customer's Jira administrators.

12. Security

ProcessLayer uses administrative, technical, and organizational safeguards intended to protect customer data. These include HTTPS, access controls, audit logging, separation of Forge UI code from backend AI provider credentials, and review of security-relevant changes. Additional security details are available in the Security overview.

13. Subprocessors

  • Atlassian Forge: Jira app runtime and app surfaces
  • Render or equivalent hosting provider: ProcessLayer backend and database hosting
  • AI provider, when configured: generation of readiness reports and work orders
  • Cloudflare: website hosting and DNS
  • Email provider: support communication

14. Changes

ProcessLayer may update this policy as products, subprocessors, or legal requirements change. Material updates will be reflected by changing the date at the top of this policy.

15. Contact

For privacy questions, contact support@processlayer.co.