Privacy
Specific about what we process and why.
This policy explains how CodeTailor handles personal data on the website and through its Atlassian Marketplace apps, including AI Readiness & Content Hygiene Inspector for Confluence. It is written to match the current operating model rather than a generic SaaS template.
Scope
This policy applies to the public website at `www.codetailor.com`, to direct business communications with CodeTailor, and to the Atlassian Marketplace apps that CodeTailor publishes and supports.
When CodeTailor operates the public website and handles direct inquiries, it generally acts as a controller for that data. When a customer installs and uses AI Readiness & Content Hygiene Inspector for Confluence, CodeTailor generally acts as a processor for customer content and related personal data processed through the app on the customer's behalf, subject to the applicable agreement and DPA.
Website Data
The public website is intentionally small. It does not use cookies for analytics, advertising pixels, behavioral profiling, or marketing tracking.
The website is delivered through hosting and edge infrastructure that may process limited request data such as IP address, user agent, requested URL, timestamps, and similar delivery or security metadata. That processing exists to serve the site, secure it, and troubleshoot operational issues.
If you contact CodeTailor by email, CodeTailor receives the information you choose to send, including your name, email address, company details, and the contents of your message.
App Data
AI Readiness & Content Hygiene Inspector for Confluence is designed to review Confluence pages for stale, thin, or otherwise low-trust signals before AI-assisted workflows rely on them.
The app currently:
- reads Confluence page bodies and metadata needed to evaluate hygiene signals
- stores app state in Atlassian Forge hosted storage so background scans and review workflows can continue safely
- stores workflow state in Forge hosted storage without persisting Atlassian account identifiers in scan or decision records
- does not intentionally send Confluence content to third-party AI providers or external vendor infrastructure
- does not use the app for marketing analytics, advertising, or cross-customer profiling
Main Data Categories
| Category | Examples | Why it is processed |
|---|---|---|
| Website request data | IP address, user agent, requested URL, timestamps | Site delivery, security, and troubleshooting |
| Direct communications | Name, email address, company details, message contents | Answer inquiries, provide support, and manage business conversations |
| Confluence page data | Page body content, titles, labels, last-modified information, URLs | Score stale, thin, outdated, or otherwise low-trust content |
| App operational data | Policy settings, scan state, findings, checkpoints, review status | Run background scans and support the review workflow |
Why We Process Data
Depending on the context, CodeTailor generally processes personal data because it is necessary to take steps toward a contract, perform a contract, comply with legal obligations, secure the service, or pursue legitimate business interests such as operating the site, supporting customers, and documenting security events.
For app-related customer content processed through the Atlassian app, the customer typically determines the purpose of the processing and CodeTailor processes that data as a processor under the customer's instructions and the applicable agreement.
Retention And Deletion
Retention depends on the type of data and the context in which it is processed. The app does not use one blanket retention rule for every record type.
| Category | Data | Retention |
|---|---|---|
| Policy settings | Per-space preset selection and review thresholds such as stale days, minimum text length, and minimum score. | Retained until changed by the customer or removed with the app installation data. |
| Per-page review decisions | Decision status and update timestamps needed for admin review history. | Retained until changed by the customer or removed with the app installation data. |
| Scan artifacts and findings | Scan metadata, checkpoints, findings, statuses, and derived review records used to continue and review background scans. | Configured with a 30-day Forge TTL in the current implementation. |
| App installation data after uninstall | Forge-hosted persistent storage associated with the installation. | Retained by Atlassian Forge for a limited post-uninstall period documented by Atlassian as up to 28 days, with relink possible if requested in time. |
| Direct business communications | Email conversations and related business records | Kept for as long as reasonably needed to answer the inquiry, provide support, keep internal records, or comply with legal or accounting obligations. |
Data Residency And Transfers
For app data stored in persistent Forge hosted storage, data residency behavior follows Atlassian Forge platform capabilities and Atlassian administrative controls. The app currently avoids external network egress for its core runtime and does not currently add third-party AI or storage services outside Atlassian products and services for this app.
Website request data and direct communications may be processed through ordinary business hosting and communications systems and may therefore be handled in jurisdictions where those service providers operate.
Rights Requests And Contact
For privacy requests about the website or direct communications, contact support@codetailor.com.
If your request concerns content processed through a customer's Confluence installation, the customer organization is usually the right first point of contact because it controls the source data and the use of the app in its environment. Where CodeTailor acts as a processor, it will generally assist through the customer rather than act independently of the customer's instructions.
App-specific trust material is also available on the security statement, DPA, and support page.