Escalate — Privacy Policy

Last updated: 2026-05-07

Escalate is a Forge app for Atlassian Jira Cloud that helps engineers run structured investigations on tickets with optional AI assistance. This page explains what data Escalate processes, who it is shared with, where it lives, and how data subject rights are honored.

Data controller

The data controller for the customer's installation is the Atlassian site administrator who installed Escalate. The publisher of Escalate (Anas Najjar / Stryker) acts as a processor on behalf of that controller. For data-protection questions or requests, contact anas.najjar@stryker.com.

What we process

Jira issue text (summary, description, comments, labels, attachments) for issues users open the panel on.
Jira user identifiers (accountId + display name) for the investigator picker, project admin picker, and reminder recipients.
Investigation state created by users in the panel (answers to checks, notes, help-request comments, AI-generated summaries).
Optional log files attached to Jira issues, when log analysis is enabled by a project admin.
Optional source-code snippets from a Bitbucket repository the project admin links, when code analysis is enabled.
Per-installation operational telemetry: resolver-error type, message, timestamp. No user content beyond exception strings.

Lawful basis

Processing is based on the legitimate interest of the customer (Atlassian site) in operating an internal investigation workflow on issues their users have already created in Jira. AI features process content only when the project admin enables them and supplies a customer-controlled provider API key.

Where data lives

Inside the customer's Atlassian tenant: investigation state, project configs, repo skeletons, telemetry, and reminder schedules are stored in Forge-managed storage (Forge SQL + Forge KVS), encrypted at rest by Atlassian, isolated per installation. Storage region follows the customer's Atlassian site region; see Atlassian data residency.
External AI provider: when AI is enabled, Escalate sends issue/log/code text to the provider chosen by the project admin. The customer supplies their own API key, so each provider's data-processing terms apply directly to the customer.
Bitbucket Cloud: when code analysis is enabled, Escalate reads files from the linked repository over the customer's Bitbucket access token (read-only).
Forge KVS encrypted secret store: customer-supplied AI keys and Bitbucket tokens, encrypted by Atlassian. Never transmitted to the publisher.

Sub-processors

Escalate transmits user-provided content to the following sub-processors only when the corresponding feature is enabled by the customer's project admin and the customer's own API key/token is configured:

Sub-processor	Purpose	Privacy policy
Atlassian (Forge SQL + KVS, Jira REST)	Hosting + storage + Jira issue access	atlassian.com/legal/privacy-policy
Google (Gemini API)	AI completions (when admin selects Gemini)	policies.google.com/privacy
OpenAI	AI completions (when admin selects OpenAI)	openai.com/policies/privacy-policy
Anthropic	AI completions (when admin selects Anthropic)	anthropic.com/legal/privacy
Microsoft / GitHub (GitHub Models)	AI completions (when admin selects GitHub Models)	github.com privacy statement
Atlassian (Bitbucket Cloud)	Source-code reads for code analysis (when admin links a repo)	atlassian.com/legal/privacy-policy

What we do not do

We do not sell or share data beyond the sub-processors listed above.
We do not use customer data to train any AI model.
We do not collect telemetry beyond per-installation error logs (no user content).
The publisher does not receive copies of customer data — all processing happens inside the customer's Forge installation.

Retention & deletion

Active investigation data is retained while the case is open.
Resolved investigations older than 30 days are auto-archived: detailed steps, logs, and code-analysis dropped; only the summary is preserved on the issue.
Per-issue clear: any user with project access can reset an investigation from the issue panel ("Reset investigation"). This deletes that issue's stored data immediately.
Bulk wipe: site administrators can purge all investigation data via an admin tool.
Uninstall: when the app is uninstalled, an explicit lifecycle handler purges the encrypted secret store (AI keys, Bitbucket tokens). Forge-managed storage (SQL, KVS) is then soft-deleted by Atlassian for 28 days, then permanently purged.

Your rights (GDPR, CCPA)

Atlassian users whose data is processed by Escalate may exercise the following rights through their Atlassian site administrator:

Access — request a copy of investigation data tied to your accountId. Site admins can extract via the admin tools.
Rectification — investigation notes are user-editable in-panel; corrections take effect immediately.
Erasure — request deletion of investigations referencing your accountId; site admins can clear per-issue or bulk-wipe.
Portability — investigation summaries can be exported as plain text from the issue panel.
Objection / restriction — site admins can disable AI features per-project at any time, halting further AI sub-processor calls.

To exercise these rights, contact your Atlassian site administrator first. For escalations, contact the publisher at anas.najjar@stryker.com.

Security & breach notification

Escalate runs on Atlassian Forge — code, storage, and secrets are managed under Atlassian's security controls (see atlassian.com/trust). The publisher commits to notifying the affected Atlassian site administrator within 72 hours of becoming aware of any data incident materially affecting customer data, in line with GDPR Article 33.

Customer responsibilities

You provide and rotate your own AI provider API keys and Bitbucket tokens.
You decide which Jira projects are enabled in Escalate and which AI features are turned on.
You ensure that sending issue/log/code content to your chosen AI provider complies with your organization's data-handling policies.

Contact

Questions or data requests: anas.najjar@stryker.com.