Privacy Policy — Weekly Timesheets for Jira

Effective May 21, 2026

This Privacy Policy describes how the Atlassian Marketplace app Weekly Timesheets for Jira (the “App”), published by Midgaard, handles data when you install and use it on a Jira Cloud site. The App is built on Atlassian Forge, which fundamentally shapes what data we process and where it lives.

Summary

  • The App runs entirely on Atlassian-hosted infrastructure (Forge runtime and Forge Storage). No application data is sent to, processed by, or stored on any Midgaard-controlled server.
  • We do not collect, transmit, log, or analyze any personal data outside your Atlassian instance.
  • The App reads and writes Jira worklogs on your behalf (Forge’s asUser mechanism), so it can only see and change what you could see and change in native Jira.
  • Timesheet structure, week status, and approver mappings are stored in Atlassian’s per-tenant Forge Storage and are deleted when you uninstall the App.

What data the App accesses

To produce timesheets, the App reads the following through official Atlassian APIs:

  • Issues you search for or add to a week (key, summary, project) and the worklogs you have logged against them.
  • Users (display name, avatar, Atlassian account ID) returned by the user-search endpoint, used by the approver-mapping admin screen and to label approval queues.
  • Your own Atlassian account ID, used as the storage key for your timesheet data and to attribute worklogs.

All access uses the current user’s permissions (Forge’s asUser mechanism). The App cannot read or change data you cannot.

What data the App writes to Jira

Unlike a read-only reporting tool, this App records time. When you enter, edit, or clear hours in a cell, the App creates, updates, or deletes a Jira worklog on the corresponding issue, attributed to you, via the standard Jira worklog API. The App performs no other writes: it cannot create, transition, or delete issues, projects, or users, and holds no administrative write scopes.

What data the App stores

The App stores the following in Forge Storage, keyed by Atlassian account ID:

  • Week structure — the ordered list of issue keys that make up each of your weeks.
  • Week status — whether a week is draft, submitted, approved, or rejected, with submission/decision timestamps, the deciding approver’s account ID, and any rejection comment.
  • Approver mappings — set by a Jira administrator, recording which account approves which person’s timesheet.

The actual logged hours live in Jira as worklogs — the App does not keep a separate copy. Forge Storage is operated by Atlassian, logically isolated per tenant, and lives within your Atlassian instance’s data boundary. We do not store issue contents, user profiles, audit logs, or any analytics data.

What the App does not do

  • The App does not send data to Midgaard or any third party. There is no Midgaard-operated backend that the App talks to.
  • The App does not place tracking pixels, analytics scripts, or cookies in the iframe.
  • The App does not contact external services for advertising or marketing.
  • The App does not cache data outside of Atlassian Forge’s own runtime.

Security & data protection

  • Hosting & isolation. The App runs on Atlassian Forge, a managed platform on Atlassian-hosted infrastructure. There is no Midgaard-operated server, database, or network. App data lives in Forge Storage, logically isolated per Atlassian tenant.
  • Encryption. All communication uses TLS (HTTPS). Data at rest in Forge Storage is encrypted by Atlassian. Midgaard never holds a separate copy of your data.
  • Access control & least privilege. Every read and write is performed with the requesting user’s own permissions (Forge’s asUser), so the App can never reach data the user couldn’t. Its only write scope is limited to worklogs (creating, updating, or deleting your own time entries) — it cannot modify issues, projects, or users. Administrative actions (approver mapping) verify the caller’s Jira ADMINISTER permission on the server, not just in the UI.
  • No data egress. The App makes no outbound calls to any non-Atlassian host. No third party receives your data.
  • Secure development. Every change is gated in CI by type checking, automated tests, dependency vulnerability scanning (SCA), and static analysis (SAST); a CycloneDX software bill of materials is produced per build. Credentials, tokens, and personal data are never written to logs.
  • Vulnerability management & incident response. Report security issues to piotr@midgaard.software. We triage with CVSS and remediate within the timelines of Atlassian’s Marketplace Security Bug Fix Policy, notifying affected customers and Atlassian for critical issues per Atlassian’s guidelines.

Data retention

Timesheet structure, week status, and approver mappings persist in Forge Storage until you delete them or the App is uninstalled. When the App is uninstalled, Atlassian removes all of its Forge Storage records as part of the uninstall lifecycle. Worklogs created through the App remain in Jira (they are normal Jira worklogs) and are governed by your Jira retention settings.

CSV export

When an approver exports a timesheet or batch, the App generates the CSV from data already returned by Jira and triggers a download in the browser. The file does not pass through any Midgaard infrastructure. What you do with the downloaded file is governed by your organization’s own data-handling policies.

Sub-processors

The App relies on Atlassian as the sole sub-processor: the runtime, storage, and all data access are provided by Atlassian Forge. See Atlassian’s Privacy Policy for how they process data on your behalf.

GDPR and Atlassian data residency

Because data is not transmitted outside Atlassian, the App inherits whatever data residency and GDPR-related controls Atlassian provides for your instance. The App itself introduces no additional cross-border data flow.

Permissions requested at install

  • read:jira-work, read:jira-user — to read the issues, worklogs, and users needed to build the timesheet grid and approval views.
  • write:jira-work — to create, update, and delete your own worklogs when you edit timesheet cells. This is the only write permission and is scoped to worklogs.
  • storage:app — to persist week structure, week status, and approver mappings in Forge Storage.

Your rights

Because the App does not control or store data outside Atlassian, requests related to access, correction, or deletion of personal data are best directed to Atlassian (for underlying Jira data) or handled by deleting your timesheet data or uninstalling the App. For any question that requires our involvement, contact us at the address below and we will respond within a reasonable time.

Changes to this policy

We may update this Privacy Policy as the App evolves. Changes will be posted at this URL with a revised effective date. Continued use of the App after changes constitutes acceptance.

Contact

Questions about this Privacy Policy or the App’s data handling:
piotr@midgaard.software