Privacy Policy
Last updated: June 2026 · Effective: June 1, 2026
1. Introduction
This Privacy Policy describes how Vectored ("we", "us", "our") handles information in connection with the Confluence Macro Toolkit application ("the App") distributed through the Atlassian Marketplace. We are committed to protecting the privacy and security of our users.
This policy applies to both the Lite (free) and Pro editions of the App.
2. Data We Do NOT Collect
The App does not collect, process, store, or transmit any of the following:
- Personal Identifiable Information (PII) — names, emails, addresses
- Usage analytics, telemetry, or behavioral data
- IP addresses, device fingerprints, or browser information
- Cookies, tracking pixels, or advertising identifiers
- Content of diagrams, markdown, polls, or any user-created macro content
3. Data Storage & Processing
All data created by the App remains entirely within your Atlassian Confluence instance:
| Macro content | Stored as Confluence macro config parameters (inline with page content) — never leaves your instance |
| Poll votes | Stored in Forge Storage (Atlassian-managed, encrypted at rest) — scoped to your site only |
| Mood entries | Stored in Forge Storage — scoped to your site only |
| Admin settings | Stored in Forge Storage — accessible only by site admins |
| Draw.io diagrams | Stored in Forge Storage + page attachments — within your instance |
Forge Storage is Atlassian's managed storage service. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Storage is isolated per-app and per-site. We have no access to your stored data.
4. External Services
Most macros operate entirely client-side with no external calls. Two optional macros (disabled by default) connect to external services:
| Service | Used By | Data Sent | Purpose |
|---|---|---|---|
| embed.diagrams.net | Draw.io macro | Diagram XML | Editor rendering |
| www.plantuml.com | PlantUML macro | PlantUML text (during editing only) | SVG rendering |
- Both are disabled by default — admin must explicitly enable them
- PlantUML: only sends text during editing; published page renders stored SVG offline
- No personal data or authentication tokens are sent to either service
- No other third-party analytics, advertising, or data-processing services are used
5. Atlassian API Scopes
The App requests the following Atlassian scopes, used solely for macro functionality:
| read:confluence-content.summary | Read page metadata to render macros in context |
| read:confluence-user | Resolve display names for poll/mood voter attribution |
| write:confluence-file | Upload diagram attachments (Draw.io only) |
| storage:app | Persist poll votes, mood data, admin settings, Draw.io diagrams |
These scopes follow the principle of least privilege. The App does not request write access to page content, user management, or space administration.
6. Data Retention & Deletion
- Uninstall: Running
forge uninstallremoves all Forge Storage data for that site - Macro content: Deleting a page removes all inline macro config data
- No backups: We do not maintain any copies of your data outside Atlassian infrastructure
- No data export: We never export, aggregate, or access your instance data
7. Security Measures
- Runs on Atlassian Forge — sandboxed execution environment
- No server-side code outside Atlassian infrastructure
- All communication over TLS 1.2+
- Content Security Policy (CSP) enforced on all Custom UI resources
- Source code publicly auditable (open source)
8. Children's Privacy
The App is a business productivity tool and is not directed at children under 16. We do not knowingly collect data from children.
9. GDPR & International Compliance
Since the App does not collect or process personal data, GDPR data subject rights (access, rectification, erasure, portability) are not applicable to our App directly. Your Confluence instance data is governed by your organization's agreement with Atlassian.
For GDPR purposes: we act as neither a data controller nor data processor, as no personal data flows through our systems.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be noted in the app's changelog. Continued use after changes constitutes acceptance.
11. Contact
If you have questions about this policy or our privacy practices:
- Open a GitHub issue
- Use the Support page feedback form
- Email support@vectored.dev