Data Security Statement

Effective starting: November 6th, 2025 (view previous version)

Data Security and Privacy Statement - K15t GmbH

Protecting your data and your privacy is a high priority and is very important to us. K15t adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively such personally identifiable information "Personal Data").

• Cloud Apps

• Data Center Apps

Overview

K15t provides hosted services ("Cloud Apps") for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework ("Atlassian Connect"). Cloud Apps can be identified by the "Cloud" category in the corresponding Atlassian Marketplace listing.

K15t also provides downloadable products ("Data Center Apps") for Atlassian Data Center Products, which are installed on the client's IT-systems. Data Center Apps can be identified by the “Data Center” category in the corresponding Atlassian Marketplace listing.

This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for both Cloud and Data Center Apps.

In the following all data created by an Atlassian Cloud or Data Center Product end user and stored within the Atlassian Product are defined as "Customer Data”.

Legal Basis for Processing

K15t processes Personal Data in accordance with the General Data Protection Regulation (GDPR). Depending on the type of data and processing activity, the legal basis is one or more of the following:

• If we obtain your consent for the processing of personal data, this consent serves as the legal basis (Art. 6(1)(a) GDPR).

• If the processing of personal data is necessary for the performance of a contract to which you are a party, or to carry out pre-contractual steps, this necessity serves as the legal basis (Art. 6(1)(b) GDPR).

• If processing is necessary to protect a legitimate interest of K15t or a third party, and your rights and freedoms do not override this interest, this legitimate interest serves as the legal basis (Art. 6(1)(f) GDPR).

Data Security

We maintain state-of-the-art technical and organizational measures in order to ensure data security, in particular for the protection of your Personal Data. These measures are regularly reviewed and updated to ensure they remain state-of-the-art. For more information about our data security measures, please contact us at privacy@k15t.com.

Cloud Apps

Data Storage

By default, our Cloud Apps do not store Customer Data themselves. Instead, Customer Data remains within the corresponding Atlassian Cloud Product. The Atlassian Cloud Product Security Statement can be found here.
Only in specific cases (outlined per app below) do our Cloud Apps temporarily store Customer Data that is required for the operation of the service.

Cloud Scroll Word Exporter, Scroll PDF Exporter and Scroll HTML Exporter

These Apps may temporarily store the following categories of data:

• Account Data

• Support Data

• Operation Data

Cloud Scroll Documents

This App may temporarily store the following categories of data:

• Account Data

• Support Data

• Product Analytics Data

• Operation Data

Cloud Scroll Sites

This App may temporarily store the following categories of data:

• Account Data

• Support Data

• Real-time Error Tracking Data

• Product Analytics Data

• Operation Data

Cloud Backbone Work Sync

This App may temporarily store the following categories of data:

• Account Data

• Support Data

• Product Analytics Data

• Operation Data

Data Location

Data location depends on the data residency location chosen by your administrators. Currently, we provide data residency support for these locations:

• Oregon, USA - when using the ‘USA’ location

• Frankfurt, Germany - when using the ‘German’ or ‘Europe’ locations

If a Cloud App does not support your chosen data residency location, data will default to Oregon, USA.

Important: Changing the region for your Confluence or Jira instance does not automatically move existing app data. App data remains in the region that the instance was initially used, and a manual app data migration must be initiated to move it between regions.

Cloud Apps supporting data residency:

• Scroll Word Exporter

• Scroll PDF Exporter

• Scroll HTML Exporter

• Scroll Documents

• Backbone Work Sync

Access to Customer Data

Only authorized K15t employees from our support and development teams have access to Customer Data. Additionally, approved sub-processors may process Customer Data on our behalf. All sub-processors are contractually bound to the same data security and privacy standards that apply to us under GDPR.

Data Retention

If a customer unsubscribes from our Cloud App we mark stored Customer Data for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. However, the customer can contact us at privacy@k15t.com to request an earlier deletion.

Data Center Apps

Data Storage

By default, our Data Center Apps do not store Customer Data themselves. Instead, Customer Data remains within the corresponding Atlassian Data Center Product.

Only in specific cases (outlined per app below) do our Data Center Apps temporarily store Customer Data that is required for the operation of the service.

Data Center Scroll Word Exporter, Scroll PDF Exporter, Scroll HTML Exporter

• Support Data

• Real-time Error Tracking Data

Data Center Scroll Documents, Scroll Sites, Backbone Work Sync

• Support Data

Data Location

Regions used by sub-processors for processing.

Access to Customer Data

Only authorized K15t employees from our support and development teams have access to Customer Data. Additionally, approved sub-processors may process Customer Data on our behalf. All sub-processors are contractually bound to the same data security and privacy standards that apply to us under GDPR.

Categories of Data

• Account Data: Our Cloud Apps store data provided and generated by Atlassian, that are required for license validation, contract administration and communication with the customer instance.

• Support Data: Our Apps may offer a problem report functionality which can be triggered in the respective Apps. If such functionality is offered, it allows you to automatically report the error to our support team. This functionality collects relevant support data from the system and creates a support ticket in our support system on behalf of your users' email address. The data is stored in the support system and may also be downloaded to our own IT-system by a member of our support team. The data is usually deleted as soon as it is no longer required for providing the service, however, at the latest 180 days after the customer unsubscribed from the service.

• Real-time Error Tracking Data: Our Apps track errors of our Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymized TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.

• Product Analytics Data: Our Cloud Apps track user behavior to allow better product decisions based on these insights. This includes for example usage of service features such as how often certain features are used and how they are used. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service.

• Operation Data: Our Cloud Apps temporarily store Customer Data required for the operation of the service. Retention periods vary by App:

Sub-processors

Our sub-processors are:

• ActiveCampaign, Inc., Chicago, USA: We use ActiveCampaign to send informational email when you evaluate or buy a new app. The ActiveCamapign privacy policy can be found here.

• Amazon Web Services, Inc., Seattle, USA: Our Cloud Apps are hosted on Amazon Web Services (AWS) cloud services in the datacenters mentioned above in the section ‘Data Location’. The AWS privacy statement can be found here.

• Amplitude, Inc., San Francisco, USA: We use Amplitude to visualize and analyze how our apps are used. The Amplitude privacy statement can be found here.

• Atlassian Corporation Plc, London, UK: We use Jira Service Management from Atlassian for the creation, tracking and administration of support tickets, Jira Cloud for tracking software development and task management, and Confluence Cloud for the internal documentation of customer use cases. The Atlassian privacy statement can be found here.

• Google Cloud EMEA Limited, Dublin, Ireland: We use Google Workspace for sending and receiving emails. This includes incoming and outgoing emails to and from K15t email lists, personal mailboxes, emails for support issues or transactional emails to inform about licenses. We use Google Drive for transferring files in our support process. The Google Cloud privacy statement can be found here.

• Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of selected Cloud/Data Center Apps' resources executed in the end users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.

• Twilio Segment - Customer Data Platform, Inc, San Francisco, USA: We use Segment to collect data on how our apps are used. The Segment privacy statement can be found here.

Your Rights

When we process your data, you are considered a "data subject" within the meaning of the GDPR. You have the following rights: the right of access, the right to rectification, the right to restriction of processing, the right to erasure, the right to be informed, and the right to data portability. You also have the right to object, the right to withdraw your consent, and the right to lodge a complaint with a regulatory authority.