Back to siteSection home
AppRL Documentation
🔗

Inactive Users Manager – Trust Center

Transparency about data handling, Forge security, data residency, and Guard/SCIM limitations.

← Back to siteSection home
Product
Inactive Users Manager
Vendor
AppRL
Support

This page provides transparency about how Inactive Users Manager handles data, security, and compliance within Atlassian Cloud.

Privacy Overview

Inactive Users Manager is an Atlassian Forge application designed to identify inactive users based on their last activity in Jira and group membership. The app runs entirely within Atlassian Cloud and does not use external infrastructure.

Data Access

  • Jira users (accountId, displayName, and email when available)
  • Group membership information
  • User activity metadata (last active / activity signals)
  • Jira issue data only when required for activity evaluation

Access is limited to what is necessary to generate inactivity reports.

Data Storage

  • Job execution metadata (temporary)
  • Generated report chunks (temporary)
  • Admin configuration (ORG ID and Admin API Key, encrypted via Forge storage)

All data is stored using Atlassian Forge Storage, scoped to each customer instance.

Data Sharing

  • Does not share data with third parties
  • Does not sell data
  • Does not send data outside Atlassian

All processing occurs within Atlassian infrastructure.

Security Statement

Inactive Users Manager is built on Atlassian Forge and inherits its security model.

  • Runs entirely within Atlassian Cloud
  • No external servers required
  • Admin API usage only when explicitly configured by the customer
  • Encrypted storage via Forge
  • Principle of least privilege
  • All operations respect the Jira permission model

Important Limitation (Atlassian Guard / SCIM)

For environments using Atlassian Guard (SCIM / AD sync), some groups cannot be modified via API. User removal from these groups must be done in the identity provider. The app detects and safely ignores these scenarios.

Data Residency

  • Data remains within Atlassian-controlled infrastructure
  • Respects the customer configured region
  • No external data transfer

Compliance

  • GDPR
  • LGPD
  • Data minimization
  • No external storage
  • Permission-based access
  • Automatic cleanup of stored data

Support & Contact

For any questions related to privacy, security, or compliance, please contact support@app-rl.com.

Updates

This Trust Center may be updated as the app evolves.