Data Processing Agreement
This Data Processing Agreement (“DPA”) governs the Processing of Personal Data by the Evergreen AI for Confluence application (the “App”), provided by Andrew Murray le Roux, an independent developer who operates as “Murray le Roux” (the “Vendor,” “we,” “us”), on behalf of the Atlassian customer that installs and configures the App (the “Customer”). Where the App is obtained through the Atlassian Marketplace, this DPA supplements the end-user terms applicable to the App and forms part of the agreement between the Customer and the Vendor for the App.
The short version. The Customer controls the data; we process it only to provide the App. All Processing and storage happen inside Atlassian’s infrastructure — the App declares no egress and sends Personal Data to no vendor-operated or non-Atlassian service. We engage no sub-processors of our own; the only platform that hosts or processes data is Atlassian, as the provider of Forge.
Effective date and acceptance. This DPA is incorporated into and forms part of the terms governing the App. It takes effect when the Customer first installs or uses the App, and binds the entity on whose behalf the App is installed (identified by the Atlassian account under which the App is installed). Where a Customer requires a counter-signed copy for its procurement process, the Vendor will provide one on request. This DPA remains in effect for as long as the Vendor Processes Personal Data on the Customer’s behalf, and survives termination until that data is deleted or returned.
1. Definitions
Capitalized terms used but not defined here have the meaning given in applicable Data Protection Law.
- Data Protection Law — all laws applicable to the Processing of Personal Data under this DPA, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, and the California Consumer Privacy Act of 2018 as amended (“CCPA”).
- Personal Data, Processing, Data Subject, Controller, and Processor — as defined in the GDPR. Under the CCPA, “Controller” corresponds to “Business” and “Processor” corresponds to “Service Provider.”
- End-User Data — any data, content, or information of a Customer end user that is accessed, collected, or otherwise processed by the App. The categories Processed by the App are set out in Annex 1.
- Sub-processor — any third party engaged by the Vendor to Process Personal Data on the Vendor’s behalf.
2. Roles of the parties
With respect to the Processing of Personal Data under this DPA, the Customer is the Controller (or a Processor acting on behalf of its own controllers) and the Vendor is the Processor. For Personal Data subject to the CCPA, the Customer is the Business and the Vendor is a Service Provider. The Vendor Processes Personal Data only to provide the App and for no independent commercial purpose of its own.
3. Processing on documented instructions
The Vendor will Process Personal Data only on the Customer’s documented instructions, including with regard to international transfers, unless required to do otherwise by law (in which case the Vendor will, where legally permitted, inform the Customer first). The Customer’s instructions are constituted by this DPA, the App’s documentation, and the configuration choices the Customer makes in the App — in particular, the spaces the Customer selects for analysis. The App performs no analysis until the Customer explicitly selects a space. The Vendor will inform the Customer if, in its opinion, an instruction infringes Data Protection Law.
4. Confidentiality
The Vendor maintains the confidentiality of Personal Data and ensures that any person authorized to Process Personal Data is bound by an appropriate duty of confidentiality. As a sole developer, the Vendor is currently the only person with authorized access and is personally bound by this obligation; any future personnel or contractor will be bound by written confidentiality obligations before being granted access. Because the App runs entirely within Atlassian’s infrastructure, the Vendor does not receive, export, or access Customer End-User Data in the ordinary course of providing the App.
5. Security
Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, the Vendor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in Annex 2. Because the App is built on Atlassian Forge with no data egress, it inherits the security and infrastructure controls of the Atlassian Cloud platform.
6. Sub-processors
The Vendor engages no Sub-processors of its own. The App stores data exclusively in Atlassian-hosted Forge storage and performs all analysis, including AI inference, using Atlassian-provided platform services (Forge LLMs). Atlassian, as the provider of the Forge platform, hosts and processes data on the Customer’s Atlassian instance; Atlassian’s own sub-processor disclosures and commitments apply to that platform processing. The Vendor makes no representation about Atlassian’s platform processing beyond Atlassian’s published terms. The Customer authorizes this platform Processing by Atlassian as an integral part of using the App. To the extent that this Atlassian platform Processing (including Forge LLM inference) is considered sub-processing, the Customer provides general authorization for Atlassian as a Sub-processor under Article 28(2) and (4) GDPR, with flow-down protections satisfied by Atlassian’s own data-processing terms. Should the Vendor ever intend to engage a Sub-processor of its own, it will give the Customer prior notice at least 30 days before that Sub-processor begins Processing and an opportunity to object; if the Customer reasonably objects and the Vendor proceeds regardless, the Customer may terminate use of the App with respect to the affected Processing. The Vendor will impose data-protection obligations on any such Sub-processor no less protective than those in this DPA. Any such change would also require a manifest permission change and a new major version of the App, which is subject to Atlassian’s review.
7. Assistance with data-subject rights
Taking into account the nature of the Processing, the Vendor will assist the Customer by appropriate technical and organizational measures, insofar as possible, to respond to requests from Data Subjects exercising their rights under Data Protection Law (such as access, rectification, erasure, restriction, portability, and objection). Because the App stores limited data keyed to Atlassian account IDs, the Vendor provides account-ID-keyed erasure and an administrator-initiated purge of all App data. If the Vendor receives a request directly from a Data Subject, it will not respond directly (other than to acknowledge receipt) but will refer the request to the Customer. See Annex 2 and the Privacy Policy.
8. Personal data breaches
The Vendor will notify the Customer without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach affecting Personal Data Processed under this DPA. To the extent the information is available to the Vendor, that notification will describe the nature of the breach, the categories and approximate number of Data Subjects and records affected, the likely consequences, and the measures taken or proposed to address it. The Vendor will not notify Data Subjects or supervisory authorities on the Customer’s behalf; that remains the Customer’s responsibility as Controller. Notification will be sent to the Customer’s administrative contact or to the email associated with the App installation, which the Customer is responsible for keeping current.
9. Data protection impact assessments
Taking into account the nature of Processing and the information available to the Vendor, the Vendor will provide reasonable assistance to the Customer with data protection impact assessments and prior consultations with supervisory authorities, to the extent these relate to the App’s Processing of Personal Data.
10. International transfers
The App does not transfer Personal Data outside the Atlassian environment. All Processing and storage occur within Atlassian-hosted Forge infrastructure. The Vendor itself initiates no cross-border transfer of Customer End-User Data. Where international transfers occur within the Atlassian platform, Atlassian’s own transfer mechanisms (including Standard Contractual Clauses where applicable) govern that platform Processing. Data-residency behavior follows Atlassian’s Forge hosted-storage capabilities and the status shown for the App in Atlassian admin and the Marketplace listing; the App stores no data outside Atlassian infrastructure. See the Privacy Policy.
11. Deletion and return
On termination of the App’s use, and at the Customer’s choice, the Vendor will delete or return Personal Data and delete existing copies, unless retention is required by law. In practice, deletion occurs through: (a) an administrator-initiated purge of all App data, which is immediate and irreversible; (b) Atlassian’s standard Forge hosted-storage lifecycle on uninstall, under which data is soft-deleted and then deleted according to Atlassian’s hosted-storage retention and disposal process; and (c) account-ID-keyed erasure for individual requests. Personal Data that appears incidentally inside stored page excerpts is removed when the related finding is deleted or when all App data is purged. The App does not retain Personal Data beyond the retention periods set out in Annex 1.
12. Audits and information
The Vendor will make available to the Customer information reasonably necessary to demonstrate compliance with this DPA and will contribute to audits, including inspections, conducted by the Customer or an auditor it mandates. Such audits may be conducted on reasonable prior written notice of at least 30 days, no more than once in any 12-month period (except where required by a supervisory authority or following a Personal Data breach), during normal business hours, subject to confidentiality, and at the Customer’s cost. Given that the App runs entirely on Atlassian Forge with no vendor-operated infrastructure, the Vendor will satisfy audit requests primarily through documentation — this DPA, the Security & data handling page, the App’s declared scopes, and the Marketplace Privacy & Security record — supplemented by written responses to reasonable security questionnaires. Audit rights with respect to the underlying platform are governed by Atlassian’s own commitments.
13. CCPA service-provider terms
To the extent the Vendor Processes Personal Data that is subject to the CCPA on the Customer’s behalf, the Vendor acts as a Service Provider and certifies that it:
- Processes such Personal Data solely to perform the services described in Annex 1 and for no other purpose;
- does not sell or share Personal Data, and does not retain, use, or disclose it for any purpose other than the business purposes specified, or as otherwise permitted by the CCPA;
- does not retain, use, or disclose Personal Data outside the direct business relationship with the Customer;
- does not combine the Personal Data it receives from the Customer with personal information obtained from other sources, except as permitted for service providers under the CCPA;
- will notify the Customer if it determines that it can no longer meet its obligations as a Service Provider under the CCPA; and
- understands these restrictions and will comply with them.
14. Liability, changes, and general
Precedence. This DPA supplements, and where there is a conflict on the subject of data protection prevails over, the other terms applicable to the App.
Liability. Except for liability that cannot be limited or excluded under applicable law, each party’s aggregate liability arising out of or in connection with this DPA is limited to the total fees paid or payable for the App in the twelve months preceding the event giving rise to the liability, and neither party is liable for indirect, incidental, or consequential loss. Where the App’s end-user terms contain a limitation of liability, that limitation applies to this DPA and is not increased by it.
Changes. The Vendor may update this DPA. For material changes to the data-protection terms, the Vendor will give the Customer prior notice via the App or the Marketplace listing, and the Customer may object; if the Customer reasonably objects to a material change, the parties will work in good faith to resolve it, and failing resolution the Customer may terminate use of the App with respect to the affected Processing. No change will reduce the protections below what Data Protection Law requires.
Governing law. This DPA is governed by, and construed in accordance with, the laws of the Commonwealth of Pennsylvania, USA, without regard to its conflict-of-laws principles, and the state and federal courts located in Pennsylvania have exclusive jurisdiction over disputes arising out of it. Nothing in this clause deprives a Data Subject of the protection of the mandatory laws of their place of habitual residence.
Assignment. The Customer may not assign this DPA without the Vendor’s prior written consent. The Vendor may assign this DPA to a successor or affiliated entity — including a company the Vendor later forms to operate the App — in connection with a reorganization, incorporation, merger, or transfer of all or substantially all of the assets or business relating to the App, on notice to the Customer and provided the assignee agrees in writing to be bound by this DPA. This DPA binds and benefits the parties and their permitted successors and assigns.
Severability. If any provision is found unenforceable, the remainder continues in effect.
Annex 1 — Details of processing
| | |
|---|---|
| Subject matter | Provision of the Evergreen AI for Confluence App, which semantically analyzes Confluence page content to produce content-quality findings. |
| Duration | The term of the Customer’s installation and use of the App, plus the limited retention periods below. This DPA survives termination until deletion or return of Personal Data is complete. |
| Nature and purpose | Reading selected page content; analyzing it with Atlassian-hosted models to detect likely content-quality issues; storing the resulting findings, short evidence excerpts, and triage state so the Customer can review, assign, and resolve them. |
| Categories of Data Subjects | The Customer’s Confluence users (including page authors, owners, assignees, and reviewers) and any individuals whose Personal Data appears within analyzed page content. |
| Types of Personal Data | Atlassian account IDs of assignees and of users who dismiss findings; short verbatim excerpts of page content (up to 500 characters each) that may incidentally contain Personal Data appearing on a page, such as a name in a contact or escalation reference; and finding and triage metadata. The App stores no other user-profile attributes (such as names, email addresses, or job titles) from the Atlassian directory; display names are resolved at render time and not stored. |
| Special-category data | The App does not seek special categories of Personal Data. The Customer controls which spaces are analyzed and should not direct the App at content whose excerpts would reveal special-category data. |
| Sub-processors | None engaged by the Vendor. Hosting and AI inference are provided by Atlassian as part of the Forge platform; Atlassian’s own sub-processor disclosures apply to that platform Processing. |
| Retention | Findings and their evidence excerpts: until resolved plus 90 days (automatic compaction), or until deleted or purged. Scan ledger (no content): 12 months, rolling. Configuration: life of the installation. All app-owned data: removed immediately on administrator purge; on uninstall, handled under Atlassian’s standard Forge hosted-storage lifecycle. |
| Location of Processing | Exclusively within Atlassian-hosted Forge infrastructure; no data leaves the Atlassian environment by action of the App. |
Annex 2 — Technical and organizational measures
The App implements, through its architecture and the Atlassian Forge platform, the following measures:
- Zero egress. The App declares no egress permissions — no external fetch, no remote resources, and no third-party analytics. All Processing, including AI inference, occurs within Atlassian’s environment.
- Least-privilege access. The App requests read-only access to the content it analyzes and the metadata needed to scan efficiently. It requests no permission to modify, archive, or delete page content, and no Jira scopes. Its only writes are to its own data and, where an administrator enables them, two narrow write features — a page audit-status property and an assignment comment that @mentions an assignee — neither of which edits page bodies.
- Permission-safe rendering. Before showing any evidence excerpt, page title, or link, the App checks the viewing user’s own permission on the source page and redacts the row if the viewer is not entitled to see the page.
- Data minimization. Full page text is Processed transiently in memory; only short evidence excerpts, reasoning, and metadata are retained.
- Storage within Atlassian. All data is stored in Atlassian-hosted Forge storage (Forge SQL and key-value storage); none is stored on vendor-operated infrastructure.
- No secrets. The App uses no API keys or shared secrets and requires none from end users.
- Defensive handling of model input. Model output is schema-constrained and length-capped; content the model produced is rendered strictly as text, never as markup; and a prompt-injection attempt cannot cause a content write (no such scope) or any egress (none exists).
- Secure development. CI gates run on every release, including Forge eligibility (which enforces the zero-egress posture), a frozen scope list, schema validation, an evaluation-regression suite, and dependency scanning with an allowlist that blocks known phone-home or analytics packages.
- Deletion and erasure. Administrator-initiated purge (immediate, irreversible); on uninstall, handling under Atlassian’s standard Forge hosted-storage lifecycle; and account-ID-keyed erasure for individual requests.
Contact
For questions about this DPA, or to exercise data-protection rights, contact support@evergreen-docs.com. See also the Privacy Policy and Security & data handling.