← Back to Baytek Sprint Analytics

Baytek Sprint Analytics — Privacy Policy

Last updated: April 10, 2026

1. Introduction

Baytek Sprint Analytics (“the App”) is developed by Baytek Software (“we”, “us”, “our”). This Privacy Policy explains how the App handles data when installed on your Atlassian Jira Cloud instance.

2. Data We Access

The App accesses the following Jira data in read-only mode:

  • Project metadata (names, keys, avatars)
  • Board and sprint information (names, dates, goals, states)
  • Issue data (keys, summaries, statuses, assignees, priorities, story points, issue types, flagged status, created/updated dates)
  • Issue changelog and transition history (status change timestamps)
  • User display names (for team breakdowns and leaderboards)
  • JQL query execution (for epic and filtered issue lookups)

The App does not access:

  • Issue descriptions or comment content
  • Attachments or files
  • Email addresses or personal contact information
  • Custom field values beyond story points
  • Data from other Atlassian products (Confluence, Bitbucket, and so on) unless explicitly configured

3. Data Storage

The App stores a minimal amount of configuration data using Atlassian Forge Key-Value Storage (KVS), which resides entirely within Atlassian Cloud infrastructure:

  • Workflow status mappings (which statuses map to To Do / In Progress / Done) — per project
  • Audit trail entries (configuration change log with action, user, and timestamp) — up to 200 entries per project
  • Optional GitHub API tokens for Copilot metrics integration, encrypted at rest by Atlassian Forge

No Jira issue data, user data, or analytics results are stored. All analytics are computed on the fly from live Jira data and are not persisted.

4. Data Processing

All data processing occurs entirely within the Atlassian Forge runtime environment:

  • The App runs on Atlassian infrastructure and is aligned with Runs on Atlassian expectations
  • No data is transmitted to external servers, third-party services, or our own infrastructure
  • The App has zero egress (no outbound network calls from the backend)
  • All computations — cycle time, Monte Carlo simulations, aging calculations, and flow metrics — happen in memory during Forge execution and are discarded after rendering

5. Data Sharing

We do not:

  • Sell, rent, or trade any data accessed by the App
  • Share data with third parties
  • Use data for advertising, analytics, or profiling
  • Transmit data outside of the Atlassian Cloud environment

6. GitHub Integration (Optional)

If you choose to connect a GitHub organization for Copilot metrics:

  • You provide a GitHub Personal Access Token (PAT) with Copilot-related scope
  • The token is stored encrypted at rest in Atlassian Forge KVS
  • API calls to GitHub are made server-side through the Forge backend, and the token is never exposed to the browser
  • You can disconnect and delete the token at any time from the Configuration view

7. User Authentication & Authorization

The App uses Atlassian Forge's built-in authentication:

  • Users are authenticated by Atlassian and do not need a separate login
  • API calls use the authenticated user's permissions, so users can only see data they already have access to in Jira
  • No additional account creation is required

8. Data Retention

  • Configuration data (workflow mappings and audit trail) persists as long as the App is installed
  • Uninstalling the App removes stored data from Forge KVS
  • No backups or copies of your data are retained by us after uninstallation

9. Security

  • Built on Atlassian Forge with sandboxed execution, encrypted storage, and network isolation
  • All Jira API calls use Forge's authenticated proxy and no raw credentials are handled directly
  • The App goes through Atlassian's security review process for Marketplace distribution
  • Source code follows OWASP Top 10 secure coding practices

10. Children's Privacy

The App is a business tool and is not directed at children under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the App after changes constitutes acceptance.

12. Contact

For privacy-related questions or requests:

  • Email: support@baytekdev.com
  • Company: Baytek Software
  • Website: https://ado-analytics.baytekdev.com/

13. Data Protection Rights

If you are in the EU/EEA, you may have rights under GDPR, including access, rectification, erasure, and portability. Since the App stores only minimal configuration data and no personal data cache, these rights can typically be exercised by uninstalling the App or contacting us directly.