Privacy Policy
Last updated: June 2026 · Effective: June 1, 2026
1. Introduction
This Privacy Policy describes how Vectored ("we", "us", "our") handles information in connection with our applications distributed through the Atlassian Marketplace. We are committed to protecting the privacy and security of our users.
This policy applies to all Vectored apps, including:
- Macro Toolkit — Confluence macros for diagrams, polls, charts, and more
- FormForge — Forms and surveys for Confluence
- API Studio — API documentation and testing for Confluence
2. Data We Do NOT Collect
Our apps do not collect, process, store, or transmit any of the following:
- Personal Identifiable Information (PII) — names, emails, addresses
- Usage analytics, telemetry, or behavioral data
- IP addresses, device fingerprints, or browser information
- Cookies, tracking pixels, or advertising identifiers
- Content of your forms, diagrams, API specs, or any user-created content
3. Data Storage & Processing
All data created by our apps remains entirely within your Atlassian Confluence instance:
| Macro content | Stored as Confluence macro config parameters (inline with page content) — never leaves your instance |
| Form definitions | Stored in Forge Storage (Atlassian-managed, encrypted at rest) — scoped to your site only |
| Form responses | Stored in Forge Storage — scoped to your site only |
| Poll votes & mood data | Stored in Forge Storage — scoped to your site only |
| API specifications | Stored in Forge Storage — scoped to your site only |
| Admin settings | Stored in Forge Storage — accessible only by site admins |
Forge Storage is Atlassian's managed storage service. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Storage is isolated per-app and per-site. We have no access to your stored data.
4. External Services
Most functionality operates entirely client-side with no external calls. The following optional features (disabled by default) connect to external services:
| Service | App | Data Sent | Purpose |
|---|---|---|---|
| embed.diagrams.net | Macro Toolkit | Diagram XML | Editor rendering |
| www.plantuml.com | Macro Toolkit | PlantUML text (editing only) | SVG rendering |
- Both are disabled by default — admin must explicitly enable them
- No personal data or authentication tokens are sent to any external service
- FormForge and API Studio make no external network calls whatsoever
- No third-party analytics, advertising, or data-processing services are used
5. Atlassian API Scopes
Our apps request only the minimum Atlassian scopes required for functionality:
| read:confluence-content.summary | Read page metadata to render macros and forms in context |
| read:confluence-user | Resolve display names for attribution (polls, form responses) |
| write:confluence-file | Upload attachments (diagrams only) |
| storage:app | Persist app data (forms, votes, settings, API specs) |
These scopes follow the principle of least privilege. Our apps do not request write access to page content, user management, or space administration.
6. Data Retention & Deletion
- Uninstall: Uninstalling an app removes all its Forge Storage data for that site
- Macro content: Deleting a page removes all inline macro config data
- No backups: We do not maintain any copies of your data outside Atlassian infrastructure
- No data export: We never export, aggregate, or access your instance data
7. Security Measures
- All apps run on Atlassian Forge — sandboxed execution environment
- No server-side code outside Atlassian infrastructure
- All communication over TLS 1.2+
- Content Security Policy (CSP) enforced on all Custom UI resources
- Source code publicly auditable (open source)
8. Children's Privacy
Our apps are business productivity tools and are not directed at children under 16. We do not knowingly collect data from children.
9. GDPR & International Compliance
Since our apps do not collect or process personal data, GDPR data subject rights (access, rectification, erasure, portability) are not applicable to our apps directly. Your Confluence instance data is governed by your organization's agreement with Atlassian.
For GDPR purposes: we act as neither a data controller nor data processor, as no personal data flows through our systems.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be noted in the respective app's changelog. Continued use after changes constitutes acceptance.
11. Contact
If you have questions about this policy or our privacy practices:
- Email support@vectored.dev
- Open an issue on the relevant GitHub repository