Pulse — Privacy & Data Handling
Plain-language disclosure. This page is the privacy policy for the Pulse app on the Atlassian Marketplace.
What Pulse reads
For the projects you select (up to 20), Pulse reads via the Jira REST API:
-
Issue
summaries, statuses, assignee display names, created/due/resolution dates, and the flagged field
-
Story points, epic (parent) names, and issue links — for the by-the-numbers appendix and
cross-project dependency detection
-
Active sprint names and dates, board metadata, and unreleased version names/dates
By default, Pulse never reads issue descriptions, comments, attachments, worklogs, Confluence, or any project you did
not select.
Optional data sources (off by default, admin opt-in)
- Issue comments — the latest comment (last 7 days) on blocked or overdue issues only
- Issue descriptions — a ≤300-character excerpt, for blocked or overdue issues only
-
Confluence pages — titles and short excerpts of pages linked from the selected projects' issues,
plus pages updated in the past week in the Confluence space whose key matches the project key (or a space the admin
explicitly maps as an override)
Enabling a source means that data is included in the LLM call described below; the admin page states this next to each
toggle. Attachments and worklogs are never read under any setting.
What leaves Atlassian
On the days you schedule (plus any manual test runs), Pulse sends the signals above — as structured JSON — to
Anthropic's API (api.anthropic.com) to write the digest (one per project, plus one portfolio rollup
when multiple projects are configured). If the admin enabled optional data sources, those excerpts are included.
Anthropic's API does not train on this data per their commercial terms. Nothing else is sent to the LLM.
The finished digest text is then posted to the destinations you configure:
- Your Slack incoming webhook (hooks.slack.com)
- Your Microsoft Teams incoming webhook (*.webhook.office.com)
- Email recipients you list, sent via Resend (api.resend.com)
What Pulse stores
Inside Atlassian's Forge platform storage (never on external servers):
-
Your configuration (selected projects, schedule, delivery targets, data-source toggles, optional failure-alert email)
- The most recent digest per project and the most recent combined run
-
The last 50 in-app feedback entries (rating, comment, and the submitter's Jira account id, display name, and email
address — looked up at submission time using the submitter's own session, so it reflects whatever profile info they
can already see about themselves)
If you submit feedback in the Pulse Hub, the rating, comment, and your name/email are also emailed to the app developer
(via Resend) so we can act on it and follow up if needed. Feedback is the only user-entered content that leaves your
site, and only when you explicitly submit it.
Webhook URLs are stored in Forge storage and used only to deliver digests. API keys (Anthropic, Resend) are held as
encrypted Forge environment variables, never in app storage or code.
What Pulse never does
- No reading of Jira content beyond the fields listed above
- No selling, sharing, or retention of your data outside Forge storage and the transient LLM call
- No tracking, analytics beacons, or third-party scripts
Data removal
Uninstalling the app deletes its Forge storage per Atlassian's platform policy. To remove delivery targets sooner,
clear them in the Pulse admin page and save.
Contact
Questions: [email protected]