Privacy Policy

Effective Date: May 1, 2025

This Privacy Policy explains how Reqase accesses and processes information in connection with the use of the application. Reqase is an AI-assisted testing application built and hosted on the Atlassian Forge platform and does not operate independent hosting infrastructure.

1. Introduction

Reqase is an AI-assisted testing application built and hosted on the Atlassian Forge platform provided by Atlassian.

This Privacy Policy explains how Reqase accesses and processes information in connection with the use of the application.

Reqase does not operate independent hosting infrastructure and does not maintain standalone production servers outside of Atlassian Cloud.

2. Scope of Application

Reqase operates exclusively within Atlassian Cloud environments.

All primary data storage, identity management, access control, and infrastructure security are managed by Atlassian under the customer's Atlassian subscription agreement. Reqase does not provide a standalone SaaS platform and does not host customer environments independently.

3. Roles and Responsibilities

Under applicable data protection laws (including GDPR where applicable):

  • The customer organization acts as the Data Controller.
  • Atlassian acts as the primary Data Processor.
  • Reqase functions as a sub-processor operating within Atlassian infrastructure.

Reqase does not independently determine the purposes or means of customer data storage, retention, or hosting.

4. Information Accessed and Processed

Reqase accesses Jira issue content through authorized Atlassian APIs. This may include:

  • Issue Summary
  • Issue Description
  • Configured Custom Field Values
  • Project-Level AI Instructions or Custom Instructions

When AI-assisted functionality is invoked:

  • Task-relevant issue content is transmitted within Atlassian infrastructure
  • Relevant content is sent to configured enterprise AI providers
  • AI-generated output is returned to the Atlassian environment
  • Reqase does not independently collect personal data from end users.
  • Any personal information that may be contained within Jira issue content is processed solely for the purpose of generating requested AI outputs.
  • Reqase does not create user profiles, behavioral analytics datasets, or independent customer data repositories.

5. Application-Level Storage Characteristics

Reqase does not operate independent databases or external storage systems.

However, limited application-level caching may occur within Atlassian Forge managed storage for functional purposes, such as:

  • Improving user experience
  • Avoiding repeated AI processing
  • Maintaining short-term operational continuity

Such cached data:

  • Remains within Atlassian-managed infrastructure
  • Is not accessible outside the application context
  • Is not used for analytics, profiling, or model training
  • Is subject to defined retention controls and periodic automated deletion

Reqase does not maintain external backups of Jira issue content.

6. Third-Party AI Providers

To provide AI-assisted functionality, Reqase integrates with enterprise-grade AI service providers, including:

  • OpenAI
  • Google (Gemini)
  • Anthropic (Claude)

When AI processing is invoked:

  • Only task-relevant issue content is transmitted
  • Data is encrypted in transit (TLS)
  • Processing is transient
  • Under enterprise configurations, data is not used for model training

If customers configure their own OpenAI or Azure OpenAI subscription, AI processing occurs under the customer's direct contractual relationship with the respective provider.

7. Data Storage and Retention

Reqase does not independently control data residency or long-term data retention.

All primary data storage remains within Atlassian Cloud in accordance with the customer's Atlassian configuration and data retention settings.

Application-level cached data (if applicable) is retained only for limited operational purposes and is subject to automated deletion based on internal retention policies.

8. Security Measures

Reqase applies reasonable technical and organizational safeguards, including:

  • Encrypted communications (TLS)
  • Secure development lifecycle practices
  • Code review procedures
  • Role-based internal access controls
  • Least-privilege access principles

Infrastructure-level security controls are inherited from Atlassian Cloud, which maintains certifications including SOC 2 Type II and ISO 27001.

9. International Data Transfers

Data processing occurs within Atlassian's configured cloud regions and the infrastructure of selected AI providers.

Reqase does not independently determine data hosting regions. Customers control data residency settings through their Atlassian configuration.

10. Data Subject Rights

Where applicable under data protection laws:

  • Data subject requests (access, correction, deletion, restriction, portability) should be directed to the customer organization as the Data Controller.
  • Reqase will assist customers in responding to lawful requests where applicable.

Because Reqase does not operate independent data repositories, it does not maintain separate personal data inventories outside the Atlassian environment.

11. Sub-Processors

Reqase may engage third-party AI providers solely for task-scoped processing as described above.

An updated list of sub-processors can be provided upon request.

12. Changes to This Policy

We may update this Privacy Policy periodically. The revised version will be published within the application or on our official website.

Continued use of the application after updates constitutes acceptance of the revised terms.

13. Contact

If you have any questions or security concerns, please contact us at:

Last Updated: February 2026