Privacy Policy

Privacy Policy for Carbon

Privacy Policy

Effective Date: December 1, 2025

Last Updated: December 1, 2025

1. Introduction

Curious Lab Group (a trading name of Gani Software Pty Ltd) (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use Carbon (“the App”), our Jira application available through the Atlassian Marketplace.

By installing and using Carbon, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the App.

2. Information We Collect

2.1 Jira Data

Carbon interacts with your Jira instance to provide its functionality. The App accesses the following types of Jira data:

  • Issue Information: Issue summaries, descriptions, issue types, and custom field values
  • User Information: Account IDs and display names (to track who created templates and trigger actions)
  • Attachment Metadata: Filenames, file sizes, and MIME types of attached files (actual file content is accessed by reference only)
  • Issue Hierarchy: Parent-child relationships for subtasks
  • Project Information: Project IDs and project names

2.2 App-Specific Data

To provide Carbon’s template and cloning features, the App stores certain configuration data:

  • Template Data:

    • Template name, description, and scope settings
    • Captured issue structure (issue types, summaries, descriptions, field values, attachment metadata)
    • Project IDs where templates are accessible
    • Creator account ID (who created the template)

  • Job Processing Data:

    • Template application progress tracking (job status, progress percentage, timestamps)
    • Results of template applications (which issues were created or updated)

  • Master Data Cache:

    • Key value maps for faster lookups

Note: Carbon does not store:

  • Your personal user preferences or settings
  • Individual user analytics or tracking data
  • Complete copies of Jira issues or attachments

For information about where this data is stored, see Section 4.1 (Data Residency).

2.3 Personal Information

We may collect personal information when you:

  • Contact our support team (name, email address, support inquiries)
  • Provide feedback or feature requests
  • Participate in surveys or promotional activities

2.4 Usage Data and Analytics

We automatically collect minimal technical information to monitor App performance and identify errors:

  • Error logs and diagnostic information (via Sentry.io)
  • Crash reports and stack traces
  • Performance metrics

About Sentry.io: Sentry.io is an approved analytics service for Atlassian Forge apps and is explicitly declared in our app’s manifest. It is used exclusively for error monitoring and crash reporting to maintain App stability and reliability. Sentry does not receive any end-user data (EUD) from Carbon.

Note: We do not collect:

  • Individual user activity tracking
  • User behavior analytics
  • Browser fingerprinting
  • Device identifiers

Error logs are anonymized and used solely for debugging and improving the App’s stability.

3. How We Use Your Information

We use the collected information solely to:

3.1 Provide and Maintain the App

  • Enable issue cloning and template management functionality
  • Synchronize templates across your Jira projects
  • Process your instructions and requests within the App

3.2 Improve the App

  • Analyze usage patterns to enhance features and user experience
  • Identify and fix bugs and technical issues
  • Develop new features based on user needs

3.3 Provide Customer Support

  • Respond to your support requests and inquiries
  • Troubleshoot technical problems
  • Send important updates about the App

3.4 Security and Compliance

  • Detect, prevent, and address security threats
  • Ensure compliance with our Terms of Service
  • Protect the rights and safety of our users
  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent fraud

4. Data Storage

4.1 Data Residency

Carbon stores app-specific data using Atlassian’s Forge persistent hosted storage. This means:

Automatic Data Residency: When your Jira administrator pins your Jira instance to a specific geographic location, Carbon’s data is automatically pinned to the same location. If your administrator migrates your Jira data to a different location, Carbon’s data will be migrated along with it.

For more information:

5. Data Sharing and Disclosure

5.1 No Sale of Data

We do not sell, trade, rent, or otherwise monetize your personal data or Jira data.

5.2 Third-Party Service Providers

We share limited data with trusted third-party service providers who assist us in operating the App:

  • Atlassian Cloud Infrastructure: Carbon is hosted on Atlassian’s Forge platform
  • Sentry.io: Error monitoring and crash reporting (receives anonymized error logs and stack traces)
  • Support Platform: When you contact support via our service desk, your inquiry is processed through Atlassian’s Jira Service Management

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify. The use of Sentry.io is explicitly declared in our app’s manifest and complies with Atlassian’s external service requirements for Forge apps.

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

5.4 Atlassian Marketplace

Carbon is distributed through the Atlassian Marketplace. Your installation and usage of the App are also subject to Atlassian’s privacy practices. Please review Atlassian’s Privacy Policy for more information.

6. Data Retention

Data retention for Carbon is managed by Atlassian’s Forge platform in accordance with Atlassian’s Standard Data Retention and Disposal policy.

6.1 Active Users

Your app-specific data (templates and configurations) is retained in Forge persistent hosted storage for as long as Carbon remains installed on your Jira instance.

6.2 App Uninstallation

When you uninstall Carbon:

  • Jira Data: Carbon immediately loses access to your Jira data since it only accesses data in real-time through Atlassian’s APIs
  • App-Specific Data (Templates): Forge-hosted data follows Atlassian’s data retention policy. After uninstallation, data is “soft deleted” and retained for a period. If you reinstall Carbon within 21 days of uninstallation, your data can be relinked to the new installation.

6.3 Learn More

For detailed information about how Forge manages data lifecycle and retention:

7. Your Rights and Choices

Under applicable data protection laws (including GDPR, CCPA, and Australian Privacy Principles), you have rights regarding the personal data Carbon stores.

7.1 What Personal Data We Store

Carbon stores the following personal data in Forge persistent hosted storage:

  • Account IDs: Jira user account identifiers (for template creators and users who trigger actions)
  • Display Names: User display names cached for faster lookups
  • Email Addresses: User email addresses cached from Jira (when available)

This data is stored to:

  • Track template ownership and permissions
  • Display user-friendly names in the application
  • Enable proper access control for templates

7.2 Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide:

  • Templates you have created (including your account ID)
  • Cached user information associated with your account
  • History of template applications you have initiated

7.3 Right to Rectification

If your display name or email address has changed in Jira, Carbon will update this information automatically when the cache is refreshed. You can also request manual correction by contacting us.

7.4 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data. However, please note:

Limitations: Because Carbon uses Forge persistent hosted storage, data deletion follows Atlassian’s data retention policy.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We can provide:

  • A JSON export of templates you have created
  • History of your template application activities

7.6 Right to Object

You have the right to object to processing of your personal data.

Important: Carbon requires account IDs and display names to function. These are necessary to:

  • Track template ownership and permissions
  • Display user information in the application
  • Enable access control and security features

If you object to the collection and processing of this personal data, you will not be able to use Carbon. In such cases, you should uninstall the app from your Jira instance.

We do not use personal data for:

  • Direct marketing
  • Profiling or automated decision-making
  • Third-party advertising
  • Any purpose beyond the core functionality of Carbon

7.7 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@curiouslab.io

Subject: Privacy Rights Request - Carbon

Please include:

  • Your Jira site URL
  • Your Jira account ID or email address
  • The specific right you wish to exercise
  • Any relevant details to help us process your request

Response Time: We will respond to your request within 30 days in accordance with applicable data protection laws. For complex requests, we may require up to 60 days and will notify you of any extension.

7.8 Complaint to Supervisory Authority

If you are located in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Carbon may contain links to third-party websites, services, or resources. This Privacy Policy applies only to Carbon. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

9. Compliance and Certifications

We are committed to maintaining the highest standards of data protection and privacy:

  • GDPR Compliance: We comply with the EU General Data Protection Regulation
  • Australian Privacy Principles: We adhere to the Privacy Act 1988 (Cth)
  • Atlassian Marketplace Requirements: We meet all Atlassian data privacy guidelines
  • Security Standards: Our infrastructure providers are SOC 2 Type II certified

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@curiouslab.io

Response Time

We aim to respond to all privacy-related inquiries within 5 business days.

11. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at:

Email: privacy@curiouslab.io

Subject: Attention: Data Protection Officer

This Privacy Policy was last updated on December 1, 2025. We recommend reviewing this page periodically to stay informed about how we protect your information.