This Privacy Policy is mandated by Chapter 3 of the GDPR and other applicable data protection laws. It describes how we, in our capacity as a data controller, collect, store, use, and otherwise process Personal Data (as defined below) of employees, contractors, and other representatives of our business (corporate) customers - being potential, current, and former users of our Apps (each a “Customer”), as well as Website visitors and other individuals (collectively, “you,” “your,” or “yours”). Accordingly, this Privacy Policy is addressed to you as an individual whose Personal Data we process as a controller.
Most times when we process Personal Data provided to us or collected in connection with the use of our Apps and Websites by our Customers, whether it is your Personal Data or personal data processed through our Cloud Apps, we act as a data processor, and this Policy does not apply. For these purposes we have prepared a Data Processing Agreement, which can be provided to Customer upon request by contacting support@stiltsoft.com.
Information on how we manage and secure other types of data that may not qualify as Personal Data is available in the following documents and resources (collectively, the “App-Specific Policies”):
- our Trust Center.
- our ‘Trust and Compliance Documentation’ portal (including links to App-specific privacy policies, data retention policies, and App-specific ‘Security’ page).
- our Data Retention Policy (only for Cloud Apps).
- the ‘Privacy and Security’ tab on the applicable App’s page on the Atlassian Marketplace (only for Cloud Apps).
Please note that when a data center or server version of our App (“Software App”) is used (as opposed to Cloud Apps), we do not have access to or process any data that runs through such Software App. Unlike Cloud Apps, Software Apps are downloaded from the Atlassian Marketplace and run on Customers’ instances of the applicable Atlassian product behind their firewall. For Software Apps, the only data we process is the contact details of Customer’s representatives, data contained in attachments they provide in a technical support request, and anonymized App usage analytics related to specific Apps.
If you do not agree with this Policy, do not access or use our Apps and Websites or interact with us, as applicable.
1. Definitions
“Policy” means this Stiltsoft Europe Privacy Policy.
“We”, “our” or “us” means Stiltsoft Europe OÜ, a company whose registered address is at Jõe tn 3-303, 10151, Harju maakond, Tallinn, Estonia, and any of our affiliates.
“You”, “your” refer to the definitions provided in the Recitals above. In most instances you access our Apps and Websites through our Customer (or the Customer’s client) for whom or with whom you work.
“Customer” refers to the definition provided in the Recitals above.
“App” means a Software or Cloud App designed to interoperate with the corresponding Atlassian product (e.g., Confluence, Bitbucket, or Jira). The Apps are developed by us and distributed through Atlassian Marketplace.
“Website” means the website accessible at https://stiltsoft.ee/, https://stiltsoft.com/, including its subdomains, and our other websites on which this Policy appears.
“Cloud App” means an App that runs on our or Atlassian’s servers and is provided to our clients as a cloud-based (software-as-service) solution.
“Software App” refers to the definition provided in the Recitals above.
“License Agreement” refers to the Stiltsoft Europe App License Agreement.
“Atlassian” means Atlassian Pty Ltd. or other applicable Atlassian entity, the owner and provider of Atlassian Marketplace and certain products (Jira, Confluence, Bitbucket, etc.) or other product or service, with which the Apps are used.
“Personal Data” means information that can be used to identify you as an individual, like your first and last name, email address, username, usage data and so on. Personal Data does not include information that does not identify you as an individual (e.g., a business phone number) or has been anonymized such that it does not allow for your identification. If you cannot be identified (e.g., when Personal Data has been aggregated and anonymized), then this Policy does not apply.
“App-Specific Policies” refers to the definition provided in the Recitals above.
2. When We Act as Processor
Our Apps and Websites are designed for use by organizations and businesses, including our Customers. Where we provide an App to a Customer, the Customer may control the information processed in connection with the use of that App. For example, this applies to Personal Data contained in attachments submitted by you as part of technical support requests. In such cases, this Privacy Policy does not apply.
3. Third Parties Processing Your Personal Data
This Policy does not cover the collection, processing, storage or use of your Personal Data, by Atlassian or other third parties. We do not control when or how third parties collect, process, store, or use your Personal Data. Please, refer to the privacy policies of third parties in order to learn and understand how and when they use your information.
For example, the Atlassian Privacy Policy governs how Atlassian collects and uses your information.
4. When We Act as Controller
There might be instances when we, rather than our Customer or Atlassian, or independently of the Customer or Atlassian, determine the purposes and means of processing your Personal Data, including its collection. In such cases, this Policy applies, and these instances will be further detailed below.
5. App-Specific Privacy, Data Collection, and Security Terms
Some of our Apps may be subject to additional privacy, data collection, data retention, or security terms specific to that App. If so, these additional terms are outlined in the App-Specific Policies.
6. What Personal Data We Collect and How We Do That
When you visit our Website, use our App or contact us directly we collect and process your Personal Data. The ways we collect it can be broadly categorized into the following:
6.1. Information you provide to us directly
When you use our Apps and Websites, you may provide Personal Data to us directly. For example, we may ask for your contact information when you reach out with questions or request support, or you may provide your Personal Data when submitting feedback, requesting for an App feature, or leaving comments on our blog and forum pages.
6.2. Information we or our service providers collect automatically
We or our service providers collect some information about you automatically when you visit our Websites, like your region, type of device you use, type of browser you use, language of your browser. We collect some information about you automatically when you use certain Apps, like the type of device you use, type of browser you use, language of your browser or the screen resolution of your monitor or device. For certain Cloud Apps we also collect App-specific usage data, including App-specific events or actions, like the App features you use, the links you click on, the type, size and file formats of attachments you upload to the App, and how you interact with others when using the App. This information is useful for us as it helps us get a better understanding of how you are using and configuring our Apps and Websites so that we can improve them and continue to provide the best experience possible.
Some of this information is collected using cookies, other similar tracking technologies and third-party tools like Google Analytics.
Please note that, by using the Websites and/or Apps, you agree to our use of cookies as described in this Policy.
We use persistent cookies to recognize you when you use our Cloud Apps. A persistent cookie remains after you close your browser. Most browsers allow some control of most cookies through the browser settings. You may be able to reset your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not want us to use cookies, please be sure to block or disable them in your browser.
We also use session cookies that allow us to link your actions during a browser session. A browser session starts when you open the browser window and finishes when you close it. Session cookies are created temporarily and are deleted once the browser window is closed.
We use our own cookies (first party cookies):
- to remember your choice about cookies on the Websites and for the Apps;
- to recognize you when you visit the Website and Apps;
- to remember your preferences.
Additionally, we work with reputable service providers who may use their cookies when you use the Website and Apps (third party cookies). For example, we use Google Analytics to collect App-specific usage data. Google Analytics collects only the anonymous information rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with your Personal Data. Although Google Analytics plants a permanent cookie on the web browser you use to identify you as a unique user, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Service and the Google Privacy Policy.
We use tools like Google remarketing to advertise on third-party websites (including Google) to individuals who may have shown interest in our Apps (e.g., previous visitors to our Website). This could mean that we advertise to previous visitors who have not completed a task on our Website, for example by using the contact form to make an inquiry. This remarketing could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Google uses cookies to serve advertisements based on someone’s past visits to the Website (more information on advertising cookies used by Google can be found by visiting ‘How Google uses cookies in advertising’ page). You can set preferences for how Google advertises to you, including by opting out of interest-based advertising over Google through the use of cookies, by visiting the Google Ad Preferences page. We may use remarketing tools offered by other platforms (for example, X), which function similarly to those described above.
We also place tracking and/or retargeting pixels on our Website pages, such as, for example:
- X Pixel. It helps us collect information about actions you take after viewing or engaging with our ads on X, particularly regarding visits to our Website. The cookies collect information in an anonymous form, including the number of visitors to the Website and how they arrived at the Website, whether through interaction with X posts or our advertisements. Visit this page to learn more about X’s cookies policy.
- Meta Pixel. It allows us to track and monitor the success of advertisements we post on Facebook and to improve the effectiveness of those advertisements by recording information such as the device you used to access our Website and the actions you took on our Website using cookies. We may also use Meta Pixel to create retargeting advertisements and custom audiences for our advertisements on Facebook and on our Website. Visit this page to learn more about Meta cookies policy.
- LinkedIn Insight Tag. It helps us retarget our Website visitors, optimize our advertising campaigns, and learn more about our audiences. Visit this page to learn more about LinkedIn’s cookies policy.
- Reddit Pixel. It allows us to track actions that visitors take after viewing or clicking on our ad on Reddit. We may also use Reddit Pixel for retargeting. Visit this page to learn more about Reddit’s cookies policy.
Another example of a third party service that can set cookies on your browser when you use the Website and Apps is DISQUS, a comment hosting service. Visit this page to learn more about DISQUS’s cookies policy.
For clarity, this Policy does not cover the use of cookies and other similar technologies by third parties, which services we may utilize.
Web browsers will enable you to see what cookies you have got, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third party cookies separately (e.g., to opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout).
Please refer to the applicable App-Specific Policies for more details on how and for what purposes we collect personal and non-personal information.
6.3. Information we receive from Atlassian, our Customer, and other sources
We might receive and collect Personal Data about you from third parties, such as Atlassian or our Customer, including from other users of the App within the Customer. For example, the Customer may designate you as a billing and technical contact on the Customer’s Atlassian account or designate you as an administrator. Atlassian provides us with billing and technical contact details (name, address, email, and phone number) when the App is ordered.
You may connect to certain Apps through the Facebook API or Google API. If you connect to us through Facebook or Google, either during registration or afterward, we will collect, store, and use in accordance with this Policy. The information we may collect in this case may include any data permitted by your Facebook or Google privacy settings, including your name, profile picture, and email address.
If we handle billing and payments directly (as opposed to when the App is purchased through a reseller), our payment provider may make available to us information about the payer’s zip (postal) code, card network type (e.g., Visa, MasterCard, American Express), the last four digits of the card, and its expiration date.
7. Legal Grounds to Process Personal Data
Where we collect Personal Data under applicable data protection laws, we will only process it when we have the legal basis for doing so. Such legal bases are:
- The performance of a contract. We may process your Personal Data where we need to take steps prior to entering into a contract or where it is necessary for the performance of a contract.
- The legitimate interests. Your Personal Data may be processed when we, other companies in our group of companies or third parties (e.g., our service providers) have a business or commercial reason to process your Personal Data.
- A legal obligation. Various laws and regulations may impose certain obligations on us. To comply with them we have to process your Personal Data.
- Your consent. In certain limited cases, we process your Personal Data based on your consent. For example, this may occur when consent is required for direct marketing purposes and the applicable law mandates obtaining your consent.
8. How We Use Personal Data
Our processing of your Personal Data is necessary for us to provide you with the Websites and Apps. If we do not process your Personal Data, we may be unable to provide you with all or some features of the Apps.
We use your Personal Data for a number of purposes, which may include the following:
Use of your Personal Data | Legal basis |
To operate our products, ensure they work as intended and deliver the requested services. | Performance of a contract Legitimate interest |
To set up and operate user accounts, including to authenticate you when you log in. | Performance of a contract Legitimate interest |
To support our Customer and you, including assisting with the resolution of technical or other issues relating to the Apps and Websites. | Performance of a contract |
To enhance our products, to conduct research, test and develop new features and carry out analysis of our products so that we can optimize your user experience and provide you and other users with more efficient tools and features. | Legitimate interest |
To analyze and aggregate data, to prepare statistics, in particular, to produce aggregated and anonymized analytics and reports, which we may use internally or share publicly or with third parties. | Legitimate interest |
To fulfill your orders, to process your payments and for other billing and invoicing purposes when we collect payments directly from you. | Performance of a contract |
To manage our relationship and communicate with you. This may include:
These communications are part of the services we provide you through the Apps and in most cases you will not be able to opt out of them. If an opt out is available, you will find that option within the communication itself or in your account settings. | Performance of a contract Legitimate interest |
To promote and drive engagement with our products. | Legitimate interest |
To send marketing communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of our products, including information about new Apps, newsletters, product offers, and promotions we think may be of interest to you. You may opt out of receiving marketing communications from us by using the unsubscribe link within each email, updating your email preferences in your account settings, or contacting us at support@stiltsoft.com to have your contact information removed from our promotional email list. | Legitimate interest Your consent |
To prevent, detect and report crime, protect you, other users and us, for example, by ensuring network and information security, mitigating security risks, detecting and preventing any fraudulent or malicious activity, and make sure that everyone is using our Apps and Websites fairly and in accordance with the License Agreement. | Legal obligation Legitimate interest Performance of a contract |
To perform legal duties, responsibilities, and obligations; and to comply with any laws and regulations that apply to us. | Legal obligation |
To exercise our rights set out in the License Agreement or other agreements with you. | Performance of a contract |
To disclose information following a restructure, sale of business, merger, or acquisition. | Legitimate interest |
9. To Whom We Disclose Personal Data
When you post on our forums or blogs you make your username and/or email address publicly visible. Thus, you acknowledge that your Personal Data (your name) will be publicly exposed if you post your comments or feedback in the public sections of our Websites (e.g. forums, blogs, feedback portals, etc.).
There will be times when we may need to share your Personal Data with third parties. We may disclose your Personal Data to:
- Other users of the App;
- Atlassian, including Rovo;
- Our Customer for whom or with whom you work;
- Third-party service providers and partners who assist us in the provision of Apps and Websites, for example, we use Amazon for data hosting, Google Analytics and Amplitude for analytics, Sentry and Datadog for error monitoring, troubleshooting, and performance optimization, Mailchimp and Postmark for email delivery, and Vanta to automate compliance and manage risk. For the full list of service providers engaged in processing Personal Data please see the App-Specific Policies in relation to the applicable App;
- Regulators, law enforcement agencies, government bodies, courts, fraud prevention agencies, or other third parties, where in our opinion it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights (where possible and appropriate, we will notify you of this type of disclosure); and/or
- An actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger, financing, or acquisition of any part of our business.
10. International Data Transfers
When we process and share data, it may be transferred to, and processed in, countries other than your country. Where Personal Data is processed in another country, we put safeguards in place to ensure your Personal Data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your Personal Data is transferred outside the EEA, it will be transferred to countries where we have compliant transfer mechanisms in place to protect your Personal Data, in particular, by implementing the European Commission’s Standard Contractual Clauses to the contracts with the entities the data is transferred to or by using other appropriate legal mechanisms to safeguard the transfer.
11. Security
We take appropriate technical and organizational measures to help ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing of Personal Data. These measures are designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed. Access to Personal Data is limited to our employees, contractors, and agents who require such access for legitimate business purposes. We maintain procedures intended to monitor our systems and identify potential security incidents.
Please check the App-Specific Policies for more detail.
Where our Software Apps are hosted by Atlass and used by a specific Customer, responsibility for the security of data storage and access rests with those entities, and not with us.
12. Personal Data Retention
Some data is controlled by our Customer, some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When the data is being deleted, we make sure that your data is safely and completely removed from our servers or retained only in anonymized form.
12.1. Personal Data retained until Customer removes it
When the App is made available to you through our Customer, we retain your Personal Data as long as required by the controller (the Customer), unless we use such information as a controller ourselves, in which case the provisions of subsections 12.3 and 12.4 below apply.
12.2. Personal Data retained until you remove it
If you are connected to our App by using your Google account you can stop sharing your Personal Data from Google with us by removing our access to that service.
12.3. Personal Data used for marketing communications
If you have not opted-out or have consented (as the case may be) to receive marketing communications from us, we retain Personal Data about your marketing preferences for a reasonable period of time from the date you last used or expressed interest in our Apps.
12.4. Personal Data retained for extended time periods for limited purposes
Sometimes business and legal requirements oblige us to retain certain Personal Data, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:
- To ensure that the Apps and Websites are available to you and other users.
- To protect you, other persons, and us from fraud, abuse, illegal activity and unauthorized access.
- To facilitate dispute resolution.
- To comply with applicable law, regulation, legal process or enforceable governmental request, or when we are required to enforce the License Agreement, including investigation of potential violations.
- If you have directly communicated with us, for example, through a customer support channel or provided feedback or a bug report.
Our data retention practices may be further detailed in the App-Specific Policies. Please refer to the applicable App-Specific Policy.
13. Your Rights
Depending on the applicable local data protection laws and subject to the exclusions and limitations set forth in them, you may have the following rights with respect to your Personal Data that we process as a controller:
- Right to know / to access. You have the right to access (and obtain a copy of, if required) your Personal Data.
- Right to rectification. You have the right to update your Personal Data or to correct any inaccuracies.
- Right to erasure. You may have the right to request that we delete your Personal Data in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
- Right to restrict processing. You may have the right to request to restrict the use of your Personal Data in certain circumstances, such as when you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to data portability. You have the right to transfer your Personal Data to a third party in a structured, commonly used and machine-readable format, in circumstances where the Personal Data is processed with your consent or by automated means.
- Right to object. You may have the right to object to the use of your Personal Data in certain circumstances, such as the use of your Personal Data for direct marketing.
Right to opt-out of “sale” or “sharing.” You can opt out of any data "sales" or “sharing” related to cross-context behavioral advertising or targeted advertising. One of the ways to exercise this right is by managing your cookie settings.
- Right to complain. If you are not happy with how we are processing your Personal Data, please let us know by sending an email to support@stiltsoft.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You have the right to complain to your local data protection authority.
Please note that we will be able to assist you in exercising your rights only when we are a controller of your Personal Data (e.g., when we use your information for marketing communications or when you have contacted us not as an employee, contractor, or representative of an organization). You can exercise your rights at any time by sending an email to support@stiltsoft.com. In all other cases, please direct your data privacy questions and requests to your organization.
We may require evidence of and be satisfied as to your identity before we take any requested action.
14. Modifications
We reserve the right, at our sole discretion to put into effect, modify or revise this Policy at any time by posting the Policy or revised Policy on this page. The Policy or any changes will become effective upon posting of the revised Policy. Depending on the significance of the changes to this Policy we will use reasonable efforts to inform you by posting a notice on the Website or by using other ways to notify you about the changes.
15. Privacy Related Inquiries
If, for any reason, you are concerned with the way that we may be using your Personal Data, you have questions about the privacy aspects of the Apps or Websites, please, contact us at support@stiltsoft.com.
16. U.S. Privacy Rights Notice
This Privacy Notice (Section 16) is intended for residents of specific U.S. states where data protection laws have been enacted, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. It supplements the information contained in this Privacy Policy.
As a data controller, we collect Personal Data from a limited number of individuals. Although we might not be meeting the revenue and/or consumer thresholds set by all of these state data protection statutes, we still adhere to the core principles of these laws.
Personal Data that we may collect and disclose, or may have collected from you and disclosed in the preceding twelve months, fall into the following categories:
- identifiers, such as your name, alias, email address or IP address;
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, pseudonymous identifiers, clickstream data, device and connection information, crash data, referring/exit URLs,, and information regarding your interaction with the Apps and Websites;
- commercial information, such as purchase details, transaction records, billing information, billing address, payment card details;
- non-precise geolocation data, such as an approximate location of your device or computer;
- audio, visual, electronic or other similar information, including when you communicate with us;
- professional or employment information, such as your job title, company name, company domain; and
- inference data, such as information about your preferences.
For more information about Personal Data we may disclose to third parties for a business purpose and the categories of recipients of disclosures, please see Section 9 ‘To Whom We Disclose Personal Data’.
We do not process sensitive personal data as this term is defined in current state privacy laws, with the exception of the California Consumer Privacy Act (CCPA). Under the CCPA, we may process your credentials, including passwords, which are classified as Sensitive Personal Information. We use and disclose Sensitive Personal Information solely for the limited purposes permitted under the CCPA and not for inferring characteristics about a consumer. For instance, we may process your Sensitive Personal Information to fulfill a service request. The CCPA does not grant you the right to limit the use or disclosure of your Sensitive Personal Information for these purposes.
Please visit Section 12 ‘Personal Data Retention’ for more information about our data retention criteria for different categories of Personal Data.
We use Personal Data we collect for business and commercial purposes listed in Section 8 ‘How We Use Personal Data.’
In the past twelve months we have collected Personal Data from the sources outlined in Section 6 ‘What Personal Data We Collect and How We Do That.’
Information about you, your devices, and your behavior collected through third-party cookies, pixels, tags, or other tracking technologies for purposes of cross-context behavioral advertising or targeted advertising may be considered a “sale” or “share” under certain US state data protection laws. However, we do not sell personal information for monetary consideration. In the past twelve months the following categories of Personal Data may have been "sold" or “shared” with third party advertising partners and analytics providers:
- identifiers, such as device identifiers;
- online activity information, such as information about devices and browsers, IP addresses associated with those devices and browsers, and usage data);
- non-precise geolocation data, such as IP addresses.
The purpose for such “sale” or “sharing” is for us to use these third-party services to analyze your interactions with the Apps and Websites and to advertise them.
We do not process Personal Data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
You may have the rights under the applicable state data protection law, which are described in Section 13 ‘Your Rights’.
We will not discriminate against any consumer for exercising their rights.
Last updated: 19 Feb 2026