Privacy Policy

Last updated - 27th October 2025

By using the Chirp: Social Intranet & Community for Confluence software (“Chirp”), you acknowledge that you have reviewed the terms of our End User Licence Agreement (EULA) and this Privacy Policy (“Privacy Policy”), have the authority to act on behalf of any person or organization for whom you are using the Product, and agree that we may collect and process your Data in accordance with this Privacy Policy.

If you are using our Product on behalf of a company or organization, you acknowledge that you are binding your company or organization to this Privacy Policy.

This Privacy Policy applies to our Customers. It is the responsibility of each Customer to determine if this Privacy Policy aligns with its own data handling and privacy practices.

Chirp is built entirely on the Atlassian Forge platform and operates fully within Atlassian’s infrastructure. Amoeboids Technologies Pvt Ltd does not have access to, store, or process any customer or end-user data outside Atlassian’s environment.

Company means Amoeboids Technologies Pvt Ltd. The terms “we”, “us” and “our” when used in this Privacy Policy refer to the Company.

Customer means a direct customer of the Company who installs or subscribes to Chirp from the Atlassian Marketplace. The terms “you”, “your” and “yours” when used in this Privacy Policy refer to the Customer.

Product refers to our Confluence app Chirp: Social Intranet & Community for Confluence (“Chirp”), built on the Atlassian Forge platform.

Data means Personal Information and User Data.

Data Controller has the meaning given in Rec. 22, Art. 3(1) of the GDPR — that is, a natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of processing Personal Information. In the case of Chirp, Atlassian acts as the primary Data Controller for all data stored and processed within its infrastructure.

Data Subject means an identified or identifiable natural person who is a user of Confluence and interacts with Chirp.

GDPR means the General Data Protection Regulation (European Union).

Law means all relevant legal and regulatory requirements applicable to you or us.

Personal Information means information about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.

User Data means configuration and operational data generated during the normal use of Chirp, including information such as group and category configurations created by Confluence administrators.

Atlassian Platform refers to the hosting and operational environment provided by Atlassian for its Forge-based applications, including the associated APIs, infrastructure, and storage systems.

Subprocessor means any processor engaged by Atlassian, or by the Company in limited circumstances (as applicable), to process data on behalf of the Customer.

Supervisory Authority means the authority with the primary responsibility for dealing with the relevant data processing activity.

Unsolicited Information includes any unsolicited communications by you to the Company.

Chirp operates entirely within the Atlassian Forge platform, which means all data generated or processed by the app remains stored in Atlassian’s infrastructure.

Amoeboids Technologies Pvt Ltd does not collect, transmit, or store any customer or end-user data on its own servers.

While using Chirp, the following types of data may be displayed or stored within Atlassian’s systems:

• User Profile Information: Chirp may display Atlassian user avatars and display names to facilitate community interactions within Confluence.

  These values are retrieved directly from Atlassian and are never stored or transmitted outside Atlassian’s environment.

• Configuration Data: Confluence administrators may configure Groups, Categories, or similar settings for organizing content.

  This configuration data is stored securely using Atlassian’s Forge Storage APIs, within the customer’s Confluence instance.

No other data types (including message content, files, analytics, or behavioral data) are collected or retained by Amoeboids.

Chirp does not:

• collect personal data from users directly;

• track or log user activity beyond what Atlassian natively logs for Confluence;

• use cookies, analytics scripts, or external tracking technologies;

• transmit or sync data to any third-party services.

All data processing, including storage, retrieval, and encryption, is handled by Atlassian’s infrastructure in accordance with Atlassian’s Privacy Policy.

Amoeboids’ visibility into Chirp’s usage is limited to anonymized and aggregate information made available through Atlassian’s developer console and Marketplace APIs - such as:

• number of app installations or active instances,

• licensing information (evaluation, active, or expired),

• anonymized instance identifiers.

No customer content, personal information, or configuration data is ever accessible to Amoeboids.

Should Chirp introduce new capabilities that involve data transmission, integration, or analytics beyond Atlassian’s environment, this Privacy Policy will be updated accordingly. Any such change will be reflected in a revised version published at the designated URL.

Chirp is built and hosted entirely on the Atlassian Forge platform.

All infrastructure, data storage, and processing related to Chirp are managed by Atlassian.

Forge ensures that customer data remains within Atlassian’s secure environment and is subject to the same security, privacy, and compliance controls as Confluence itself.

Key aspects of Atlassian’s security include:

• Data encryption at rest and in transit

• ISO/IEC 27001, SOC 2, and GDPR compliance

• Strict tenant isolation for each customer instance

• Regular vulnerability scanning and third-party audits

For more details, please refer to Atlassian’s Security Practices and Atlassian Privacy Policy.

Amoeboids Technologies Pvt Ltd does not have access to:

• customer databases or Confluence content,

• user-generated content (posts, comments, configurations), or

• any form of personally identifiable information (PII).

All Chirp operations, including data creation, retrieval, and deletion, occur through Atlassian’s APIs and are fully sandboxed within Forge’s environment.

Amoeboids adheres to secure software development best practices and Atlassian’s Forge security guidelines, which include:

• periodic internal security reviews of app code,

• use of Atlassian-provided APIs for all storage and authentication,

• restricted scopes and permissions,

• and prompt updates to address Forge platform advisories or vulnerabilities.

All customer data stored by Chirp (e.g., Group or Category configurations) is:

• stored using Atlassian’s encrypted Forge Storage APIs,

• associated exclusively with the customer’s Confluence instance,

• and inaccessible to any other tenant, user, or third-party.

Chirp does not use any external databases, file systems, or third-party servers.

All application logic, event handling, and data storage reside within Atlassian’s controlled infrastructure.

Since Chirp operates entirely within the Atlassian Forge environment, any data incidents or breaches within the hosting infrastructure are governed by Atlassian’s own incident response and notification procedures.

Atlassian is responsible for identifying, mitigating, and notifying affected customers in accordance with its security and compliance commitments.

For reference, Atlassian’s approach to incident management is described in its Trust & Security Documentation.

While Amoeboids does not have access to customer data stored within Chirp, the Company maintains its own internal incident response policies to address:

• security vulnerabilities discovered in the app’s source code,

• any suspected unauthorized activity within Amoeboids’ Atlassian developer environment, and

• incidents reported by Atlassian or customers that could potentially affect Chirp’s behavior.

If Amoeboids becomes aware of a security event impacting Chirp’s functioning or potentially affecting user data, we will:

1. promptly investigate the issue,

2. coordinate with Atlassian’s security team, and

3. communicate any confirmed impacts to affected customers as soon as practicable.

In the event that Atlassian notifies Amoeboids of a breach related to Chirp, or if Amoeboids identifies a security incident within the app codebase that could compromise user privacy, Amoeboids will:

• notify affected Customers via their Atlassian contact email or support portal, and

• provide information regarding the scope of impact, remediation steps, and preventive measures.

As the Customer and administrator of your Confluence instance, you agree and warrant that:

1. Compliance with Law:

   You will ensure that your use of Chirp, including the creation and management of any content or configuration within Confluence, complies with all applicable data protection and privacy laws.

2. Data Handling within Atlassian:

   You understand and acknowledge that all Chirp-related data is stored and processed solely within Atlassian’s infrastructure. Therefore, Atlassian’s own privacy and security policies govern the handling of such data.

3. Authorized Access:

   You are responsible for managing user permissions within your Confluence environment to ensure that only authorized personnel can access Chirp-related configuration areas such as Groups and Categories.

4. End-User Notification:

   If required under applicable law, you are responsible for informing your users that Chirp operates as an Atlassian-hosted app and that their Atlassian profile information (such as avatars and display names) may be displayed within Chirp’s interface.

5. Assessment of Security Measures:

   You have reviewed the security model of Atlassian Forge and believe that it provides a level of security appropriate to the nature of your data and use of Chirp.

Since Chirp operates fully within the Atlassian Forge platform, all data associated with Chirp (including configuration data and user profile information) resides within Atlassian’s systems.

Accordingly, Amoeboids Technologies Pvt Ltd does not have access to, or the ability to modify, any customer data stored or displayed through Chirp.

If an individual (Data Subject) seeks to:

• access their personal information,

• request corrections, or

• request deletion of data associated with their Atlassian account,

such requests must be directed to Atlassian, which acts as the Data Controller for information stored within Confluence and Forge.

Customers may refer to Atlassian’s Privacy Policy for guidance on submitting data access or deletion requests.

If Amoeboids receives a data-related request directly from a Customer or Data Subject regarding information stored in Chirp, Amoeboids will:

• not access or modify any stored data,

• promptly forward the request to Atlassian for appropriate handling, and

• notify the requester that their data resides within Atlassian’s environment.

Since Chirp does not maintain any user databases outside Atlassian, any corrections to user profile data (e.g., display name or avatar) must be made within Atlassian’s systems, where updates automatically reflect in Chirp.

All data related to Chirp is processed and stored within the Atlassian Forge platform.

As such, Atlassian acts as the primary Data Processor and infrastructure provider for all Chirp-related operations.

Amoeboids Technologies Pvt Ltd does not directly process or transmit customer data to any external systems.

Atlassian may engage its own approved Subprocessors to deliver the Forge platform and associated Confluence services.

These Subprocessors typically provide infrastructure, hosting, or technical support services (e.g., AWS, Google Cloud).

A current list of Atlassian’s subprocessors is maintained at Atlassian Subprocessors.

Amoeboids does not engage any subprocessors for the operation of Chirp.

Since no customer or user data leaves Atlassian’s systems, there is no external data processing by Amoeboids or any third-party vendors.

Atlassian’s subprocessors are bound by data protection and confidentiality obligations consistent with Atlassian’s own legal and compliance requirements.

All processing activities performed by Atlassian or its subprocessors occur in accordance with applicable privacy laws, including GDPR.

Amoeboids Technologies Pvt Ltd does not disclose, share, sell, or transfer any customer or user data to third parties.

All information processed by Chirp resides exclusively within Atlassian’s infrastructure and remains governed by Atlassian’s data protection and disclosure policies.

Any disclosure of data associated with Chirp - such as to comply with legal obligations or government requests - is handled solely by Atlassian, in accordance with its own Privacy Policy and Data Processing Addendum.

In the unlikely event that Amoeboids is required by law or regulatory authorities to cooperate regarding Chirp-related data:

• Amoeboids will immediately inform Atlassian and the affected Customer (unless prohibited by law),

• will not access or disclose any data independently, and

• will defer to Atlassian’s established compliance procedures for data disclosure.

Since Chirp does not store any customer data outside Atlassian’s environment, no Personal Information would be transferred in the event of a merger, acquisition, or sale of Amoeboids assets.

Only anonymized aggregate data (such as installation counts) maintained through Atlassian’s Marketplace APIs could be part of such a transfer.

All storage and processing of Chirp-related data occur within the Atlassian Forge environment, which relies on Atlassian’s global cloud infrastructure.

Depending on your Atlassian data residency configuration, your data may be stored in regions such as the United States, the European Union, Australia, or other approved jurisdictions where Atlassian or its sub-processors operate.

Atlassian implements industry-standard safeguards for cross-border data transfers, including:

• adherence to the EU Standard Contractual Clauses (SCCs),

• compliance with the GDPR, and

• the use of certified data centers meeting ISO/IEC 27001 and SOC 2 standards.

For complete details, Customers should review Atlassian’s Data Residency and Transfer Policy.

Amoeboids Technologies Pvt Ltd does not perform any independent cross-border transfers of customer data.

All data flow is restricted to Atlassian’s controlled infrastructure, and Amoeboids does not export, copy, or replicate any data stored through Chirp.

By installing and using Chirp, you acknowledge that any necessary cross-border transfers of data occur exclusively under Atlassian’s management and in accordance with its applicable privacy and compliance framework.

Amoeboids Technologies Pvt Ltd (“the Company”) provides the following warranties regarding the operation of Chirp:

1. Scope of Processing

   We will process your Data strictly in accordance with this Privacy Policy.

   Since Chirp operates entirely within Atlassian’s Forge platform, all data storage and processing occur within Atlassian’s secure infrastructure.

2. No External Processing

   We do not collect, store, or process any customer or user data outside Atlassian’s environment.

   Amoeboids does not sell, rent, trade, or otherwise transfer any data collected through Chirp to any third party.

3. Compliance with Atlassian Framework

   We will maintain full compliance with Atlassian’s Forge security and data handling requirements and promptly adopt any mandatory updates or improvements mandated by Atlassian.

4. Withdrawal of Consent

   You may discontinue your use of Chirp at any time, which will automatically cease any further data interactions between Chirp and your Confluence instance.

   As no external data is retained by Amoeboids, there are no residual copies to be deleted upon uninstallation.

5. Future Modifications

   This Privacy Policy reflects the current version of Chirp, which has no external integrations, analytics, or data transfers.

   Should future releases introduce features that alter how data is collected or processed (e.g., integrations with Slack or other systems), this Privacy Policy will be updated accordingly.

   The latest version will always be available at the designated URL on the Amoeboids website.

6. Notification of Material Changes

   Any significant changes to Chirp’s data handling practices or privacy model will be communicated through an updated Privacy Policy and, where required by law, via appropriate customer notifications.

All data protection and confidentiality obligations outlined in this Privacy Policy shall survive the termination of your use of Chirp.

Since Chirp does not store or process any customer data outside Atlassian’s infrastructure, these obligations remain applicable only insofar as Amoeboids continues to ensure:

• adherence to Atlassian’s Forge data handling and security standards, and

• compliance with applicable privacy laws governing app development and maintenance.

This Privacy Policy remains in effect until all obligations relating to data protection and compliance under Atlassian’s developer framework have been fulfilled.

When you uninstall Chirp from your Confluence instance, Atlassian automatically revokes all app permissions and deletes any data stored through the Forge Storage API associated with your site.

Amoeboids Technologies Pvt Ltd does not store any data externally and therefore performs no independent data deletion process.

Following uninstallation:

• Any configuration data created through Chirp (such as Groups or Categories) is permanently deleted from Atlassian’s storage within 30 days, as governed by Atlassian’s data retention policy for Forge apps.

• Amoeboids has no access to this process and receives no copies, backups, or exports of your data.

If you require earlier deletion or confirmation of data removal, such requests must be directed to Atlassian through your organization’s Atlassian support channel.

Amoeboids will cooperate with Atlassian if notified of such requests, but we cannot independently verify or action them.

Upon termination of your license or discontinuation of Chirp’s use, all obligations that reasonably relate to data protection, confidentiality, and compliance under this Privacy Policy will continue to apply in accordance with Section 12 (Survival).

All infrastructure, storage, and operational controls for Chirp are provided and managed by Atlassian under the Forge platform.

As such, any security or compliance audits concerning data storage, transmission, or access are conducted by Atlassian or its certified auditors.

While Amoeboids Technologies Pvt Ltd does not maintain or access customer data, the Company agrees to:

• comply with Atlassian’s developer compliance requirements and security audits as part of the Forge app ecosystem,

• maintain internal documentation demonstrating adherence to Atlassian’s Forge security and privacy standards, and

• cooperate with Atlassian in the event of any investigation or audit related to Chirp’s operation.

If required by a Supervisory Authority or internal compliance process, Customers may:

• request confirmation that Chirp operates solely within Atlassian’s Forge infrastructure; and

• rely on Atlassian’s existing SOC 2, ISO/IEC 27001, and GDPR certifications as evidence of compliance.

Amoeboids will provide reasonable assistance (e.g., documentation or confirmation letters) upon written request to support such compliance reviews but cannot grant direct access to Atlassian’s systems or data.

If you submit unsolicited information (including feedback, suggestions, or feature ideas) to Amoeboids Technologies Pvt Ltd, such information will be handled in accordance with this Privacy Policy.

If any unsolicited submission includes Personal Information, and we determine that we would not have otherwise been entitled to collect such data under this Privacy Policy, we will:

• either delete or de-identify that information as soon as practicable; or

• retain and use it only to the extent necessary to respond to your communication or provide customer support.

Feedback or ideas submitted to us voluntarily (e.g., via email or the Atlassian Marketplace) may be used by Amoeboids for the purpose of improving Chirp or developing new products.

However, such usage will never involve the inclusion or processing of customer content or data stored within your Confluence instance.

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of India.

You agree that any dispute, claim, or controversy arising out of or relating to your use of Chirp or this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in India.

Nothing in this clause limits your rights under applicable data protection laws, nor does it restrict Atlassian’s obligations under its own privacy and compliance framework.

In the event of any conflict between Atlassian’s privacy commitments and this Privacy Policy, Atlassian’s Privacy Policy shall prevail for all data processed within its infrastructure.

You are entitled to lodge a complaint regarding the handling of your Data in connection with Chirp.

Given that all Chirp data is processed within Atlassian’s environment, complaints relating to data stored or displayed through Confluence should first be directed to Atlassian, which acts as the Data Controller for such information.

If your complaint concerns Amoeboids Technologies Pvt Ltd’s role as the app developer (for example, regarding app behavior, feature requests, or policy compliance), you may contact us directly.

Before escalating any issue to a regulatory authority, we encourage you to first contact us so we may address your concerns promptly and transparently.

We will respond to all privacy-related inquiries within 30 business days.

For questions, concerns, or complaints regarding this Privacy Policy or Chirp’s data handling practices, please contact us via our official support channel.