Privacy Policy
How AI Comment Action Inbox collects, sanitises, processes, and stores data. Written in plain English. Aligned with the Australian Privacy Act 1988, GDPR, and Atlassian Marketplace requirements.
Last updated: April 2026
Formal policy notice
This page contains Sivect's company-wide privacy practices and product-specific data handling information. Our formal Privacy Policy, generated and maintained in compliance with GDPR, the Australian Privacy Act 1988, and CCPA, is hosted separately. Both documents together constitute our complete privacy disclosure.
View Formal Privacy Policy →
Section 1
What is AI Comment Action Inbox?
AI Comment Action Inbox is an Atlassian Forge app built by Sivect. It monitors @mentions in Jira, Jira Service Management, and Confluence comments, classifies them using AI, and displays them in a personal priority inbox inside Jira. The app runs entirely inside Atlassian's Forge platform.
Section 2
What data we collect
We collect the following data when you use AI Comment Action Inbox.
What we collect
- Atlassian user account IDs — to identify which inbox belongs to which user
- Comment text from Jira, Confluence, and Jira Service Management — only comments that @mention you, limited to 800 characters
- Issue metadata — issue key, title, type, priority, and status — to provide context in your inbox
- Your app preferences — sort order, view mode, muted projects, muted authors, dashboard configuration
What we do not collect
- Email addresses
- Passwords
- Payment information
- Location data
- Any data from outside your Atlassian instance
Section 3
How we process your data before AI
Before any comment text is sent to our AI provider, it passes through a multi-layer PII sanitisation pipeline that detects and replaces:
[EMAIL] [PHONE] [SECRET] [IP_ADDRESS] [HOST] [USER] [CUSTOMER] [SENSITIVE] [NAME] [CREDIT_CARD]
The AI never receives raw user data. Only the sanitised text and basic issue metadata (title, type, priority, status) are sent.
Section 4
Where your data is stored
All data is stored exclusively in Atlassian Forge Storage — Atlassian's own encrypted key-value store. There is no external database. There are no servers outside Atlassian's infrastructure managed by Sivect.
Section 5
AI Processing — How It Works
AI Comment Action Inbox uses the Anthropic API (api.anthropic.com) for AI classification. Anthropic is SOC 2 Type II certified and operates under a GDPR Data Processing Agreement. Before any text is sent to Anthropic, it passes through a multi-layer PII sanitisation pipeline — no raw user data, account IDs, names, emails, or identifiable information is ever included in the AI request.
What is sent to Anthropic: sanitised comment text with all PII replaced by typed tokens, plus basic issue metadata (title, type, priority, status — no user data).
What is never sent to Anthropic: raw comment text, Atlassian account IDs, email addresses, phone numbers, API keys, customer names, or any other identifiable information.
Comment text leaves your Atlassian instance only to reach the Anthropic API, and only after multi-layer PII sanitisation. The sanitised text is not stored by Anthropic.
Sent to Anthropic
- Sanitised comment text
- Issue title
- Issue type
- Issue priority
- Issue status
Never sent to Anthropic
- Raw comment text
- User account IDs
- Email addresses
- Any other identifiable information
Anthropic does not train on API data by default. For Anthropic's privacy policy, visit anthropic.com/privacy.
Section 6
Data retention
Section 7
Your rights
You have the right to:
- Access the data we hold about you
- Request deletion of your data
- Reset your preferences and inbox at any time from within the app (Settings → Data & Storage → Clear All)
- Uninstall the app, which removes all associated data from Forge Storage
To exercise any of these rights, contact us at [email protected].
Section 8
Security
- All data is encrypted at rest by Atlassian Forge Storage automatically
- All data in transit uses HTTPS/TLS enforced by the Forge platform
- The Anthropic API key is stored as an encrypted platform environment variable — never logged and never accessible to users
- Logs are sanitised to remove PII before writing
- User data is strictly isolated by account ID — no user can access another user's data
Section 9
Contact
For privacy questions or data requests:
Section 10
Changes to this policy
We will notify users of material changes to this policy via the app interface. Continued use of the app after changes constitutes acceptance.
Have a question this policy doesn't answer? We're happy to talk to your security or compliance team directly.