Data Security Statement
Effective starting: July 1, 2026
Protecting your data and your privacy is a high priority and is very important to us. K15t adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information "Personal Data").
This privacy statement is accompanied by the Data Processing Addendum.
Overview
K15t provides hosted services ("Cloud Apps") for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework ("Atlassian Connect"). Cloud Apps can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing.
K15t also provides downloadable products ("Data Center Apps") for Atlassian Data Center Products, which are installed on the client's IT-systems. Data Center Apps can be identified by the “Data Center” category in the corresponding Atlassian Marketplace listing.
This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for both Cloud and Data Center Apps.
In the following all data created by an Atlassian Cloud or Data Center Product end user and stored within the Atlassian Product are defined as "Customer Data".
Legal Basis for Processing
K15t processes Personal Data in accordance with the General Data Protection Regulation (GDPR). Depending on the type of data and processing activity, the legal basis is one or more of the following:
-
If we obtain your consent for the processing of personal data, this consent serves as the legal basis (Art. 6(1)(a) GDPR).
-
If the processing of personal data is necessary for the performance of a contract to which you are a party, or to carry out pre-contractual steps, this necessity serves as the legal basis (Art. 6(1)(b) GDPR).
-
If processing is necessary to protect a legitimate interest of K15t or a third party, and your rights and freedoms do not override this interest, this legitimate interest serves as the legal basis (Art. 6(1)(f) GDPR).
Data Security
We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are regularly reviewed and updated to ensure they remain state-of-the-art. For more information about our data security measures, please contact us at privacy@k15t.com.
Cloud Apps
Data Storage
By default, our Cloud Apps do not store Customer Data themselves. Instead, Customer Data remains within the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.
Across all Cloud Apps, the following categories of data may be processed: Account Data, Support Data, Real-time Error Tracking Data. Product Analytics Data is processed only for Scroll Content Manager and Backbone Work Sync.
In addition, only in specific cases (outlined per app below) do our Cloud Apps temporarily store Operation Data that is required for the operation of the service:
-
Scroll Word Exporter
-
Scroll PDF Exporter
-
Scroll HTML Exporter
-
Scroll Content Manager
-
Scroll Sites
-
Backbone Work Sync
Data Location
Data location depends on the data residency location chosen by your administrators. Currently, we provide data residency support for these locations:
-
Oregon, USA - when using the ‘USA’ location
-
Frankfurt, Germany - when using the ‘German’ or ‘Europe’ locations
If a Cloud App does not support your chosen data residency location, data will default to Oregon, USA.
Important: Changing the region for your Confluence or Jira instance does not automatically move existing app data. App data remains in the region that the instance was initially used, and a manual app data migration must be initiated to move it between regions.
Cloud Apps supporting data residency:
-
Scroll Word Exporter
-
Scroll PDF Exporter
-
Scroll HTML Exporter
-
Scroll Content Manager
-
Backbone Work Sync
Access to Customer Data
Only authorized K15t employees from our support and development teams have access to Customer Data. Additionally, approved sub-processors may process Customer Data on our behalf. All sub-processors are contractually bound to the same data security and privacy standards that apply to us under GDPR.
Data Retention
If a customer unsubscribes from our Cloud App we mark stored Customer Data for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However, the customer can contact us at privacy@k15t.com to request an earlier deletion.
Data Center Apps
Data Storage
By default, our Data Center Apps do not store Customer Data themselves. Instead, Customer Data remains within the corresponding Atlassian Data Center Product.
Only in specific cases (outlined per app below) do our Data Center Apps temporarily store Customer Data that is required for the operation of the service.
Data Center Scroll Word Exporter, Scroll PDF Exporter, Scroll HTML Exporter, Scroll Content Manager, Scroll Sites, Backbone Work Sync
-
Support Data
-
Real-time Error Tracking Data
-
Account Data
Data Location
Regions used by sub-processors for processing.
Access to Customer Data
Only authorized K15t employees from our support and development teams have access to Customer Data. Additionally, approved sub-processors may process Customer Data on our behalf. All sub-processors are contractually bound to the same data security and privacy standards that apply to us under GDPR.
Categories of Data
-
Account Data: Data provided and generated by Atlassian required for license validation, contract administration and communication with the customer instance. Includes: email address, name, postal address (if provided), organization, technical contacts, billing contacts, partner contacts.
Support Data: Data submitted by users when reporting problems. The process is agnostic of the content supplied. Can include: reporter's name and email address, and any data provided in the course of the support process.
Real-time Error Tracking Data: Error context captured from end users' browsers and sent to Sentry. Includes: AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages, browser type and version, operating system, URL at time of error, invoked operations, clicked UI elements, IP address.
Product Analytics Data: Feature usage data collected to support product decisions. Includes: User / Account ID and Site URL. Personal data is anonymized before further processing. After anonymization, individual end users cannot be identified.
Operation Data: Customer Data temporarily stored by Cloud Apps as required for the operation of the service. This includes data created by end users within the Atlassian product (e.g. pages, spaces, work items, attachments, comments) as well as app-generated data (e.g. logs, configurations).
|
App(s) |
Retention |
Description |
|---|---|---|
|
Scroll Word Exporter, Scroll PDF Exporter and Scroll HTML Exporter
|
Operational data is deleted within 72 hours; logs are deleted after 14 days. |
e.g. license information, spaces, pages, attachments, users, projects, issues, comments, metadata, Logs (page titles, content URLs, and error messages) |
|
Scroll Content Manager |
Operational data is deleted within 90 days. |
e.g. license information, spaces, pages, attachments, users, projects, issues, comments, metadata. |
|
Scroll Sites |
Operational data is deleted within 180 days after license expiration or unsubscribe. |
e.g. website content generated by the App. |
|
Backbone Work Sync |
Operational data is deleted when the integration is removed or within 180 days after unsubscribe. |
e.g. license information, projects, configurations, issues, attachments, users, comments, metadata. |
Sub-processors
Our sub-processors are:
-
Amazon Web Services, Inc., Seattle, USA: Our Cloud Apps are hosted on Amazon Web Services (AWS) cloud services in the datacenters mentioned above in the section ‘Data Location’. The AWS privacy statement can be found here
-
Atlassian Pty Ltd, Sydney, Australia: We use Jira Service Management from Atlassian for the creation, tracking and administration of support tickets, Jira Cloud for tracking software development and task management, and Confluence Cloud for the internal documentation of customer use cases. The Atlassian privacy statement can be found here.
-
Google Cloud EMEA Limited, Dublin, Ireland: We use Google Workspace for sending and receiving emails. This includes incoming and outgoing emails to and from K15t email lists, personal mailboxes, emails for support issues or transactional emails to inform about licenses. We use Google Drive for transferring files in our support process. The Google Cloud privacy statement can be found here.
-
Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of selected Cloud/Data Center Apps' resources executed in the end users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.
Your Rights
When we process your data, you are considered a "data subject" within the meaning of the GDPR. You have the following rights: the right of access, the right to rectification, the right to restriction of processing, the right to erasure, the right to be informed, and the right to data portability. You also have the right to object, the right to withdraw your consent, and the right to lodge a complaint with a regulatory authority.