Data Security and Privacy Statement

Effective: July 2026

Protecting your data and your privacy is a high priority for us. Lively Apps GmbH adheres to a strict policy for ensuring the security and privacy of your data, in particular your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information, collectively “Personal Data”). This statement is accompanied by our Data Processing Addendum.

Overview

Lively Apps provides hosted apps (“Cloud Apps”) for Atlassian Cloud products. Our Cloud Apps are built on the Atlassian Forge platform (“Forge”) and run within Atlassian’s cloud infrastructure. Cloud Apps can be identified by the “Cloud” category in the corresponding Atlassian Marketplace listing.

All data created by an Atlassian Cloud product end user and stored within the Atlassian product is defined here as “Customer Data”. This statement provides an overview of how we collect and process your data across our Cloud Apps.

Note on Data Center apps: our Data Center apps are installed on the customer’s own infrastructure and we do not store Customer Data for them. Atlassian Server has reached end of life and our Data Center apps are being wound down; see the Data Center General Terms and Conditions.

Legal basis for processing

We process Personal Data on the following legal bases under Art. 6(1) GDPR: for the performance of our contract with the customer (lit. b), to comply with legal obligations (lit. c), and on the basis of our legitimate interests in providing, securing and improving our apps (lit. f). Where processing relies on consent, it is carried out on the basis of Art. 6(1)(a) GDPR.

Data security

We maintain state-of-the-art technical and organizational measures to ensure data security, in particular for the protection of your Personal Data. Because our Cloud Apps run on Atlassian Forge, they benefit from Atlassian’s managed, sandboxed infrastructure and its security controls. Our measures are reviewed and updated from time to time to remain state-of-the-art. If you would like more information about our data security concept, please contact us.

Categories of data

  • Account Data — data provided and generated by Atlassian that is required for license validation, contract administration and communication with the customer instance (see below).
  • Configuration / Customer Uploaded Data — data a customer creates and stores within an app via its user interface (see the app-specific sections).
  • Error-tracking data — technical information used to detect and fix errors (see below).
  • Product analytics data — pseudonymised usage data used to understand feature usage and improve our apps (see below).

Cloud Apps

Data storage

Unless otherwise stated below, our Cloud Apps do not store Customer Data locally but store it within the corresponding Atlassian Cloud product and Atlassian’s Forge platform storage. The Atlassian Cloud security information can be found here.

Exceptions applying to all Cloud Apps:

  • Account Data: our Cloud Apps store data provided and generated by Atlassian that is required for license validation, contract administration and communication with the customer instance. This includes for example AddOnKey, ProductType, ClientKey, BaseUrl, ServiceEntitlementNumber, SharedSecret, OauthClientId. This data is deleted at the latest 180 days after the customer unsubscribes from the service (see “End of subscription”). We store this data not out of ‘free choice’ but as a general technical requirement for an Atlassian Cloud app to function.
  • Error-tracking data: our Cloud Apps track errors that occur when the apps’ resources are executed, in order to reproduce and fix problems. This includes for example AddOnKey, ClientKey, BaseUrl, a pseudonymised tracking identifier, error messages and information about the environment such as browser type, browser version and operating system. It is used exclusively to improve our service and is processed within Atlassian’s infrastructure.

Exceptions applying to specific Cloud Apps:

Task Reminder for Confluence:

  • Our Cloud App stores data created with and for the app via its user interface. This includes the configuration of reminder email and Slack settings and metadata managed by the app. This data is deleted at the latest 180 days after the customer unsubscribes from the service (see “End of subscription”).
  • RARE EDGE CASES ONLY — Email addresses: in general, Task Reminder does NOT store user-specific data such as email addresses. Email addresses are exclusively processed to send reminder emails and are not accessible outside that process. There is ONE EXCEPTION for which we are REQUIRED to store an email address: when a Task Reminder email is rejected by an email service provider, we are obliged to store the associated email address on a ‘deny list’. In such a case we store the email address for up to 180 days for the sole purpose of not contacting that address again.

PocketQuery for Confluence:

  • Our Cloud App stores data created with and for the app via its user interface. This includes the configuration of datasources, queries, templates and converters and metadata managed by the app. This data is deleted at the latest 180 days after the customer unsubscribes from the service (see “End of subscription”).

Product analytics

We use PostHog to collect pseudonymised product-usage analytics within our Cloud Apps in order to understand feature usage and improve our apps. Individual end users cannot be identified from this data. Analytics data is stored on PostHog’s EU Cloud (Frankfurt, Germany). The PostHog privacy policy can be found here.

Data location

Customer Data for our Cloud Apps is stored within Atlassian’s cloud infrastructure; the storage region follows the data-residency configuration of the corresponding Atlassian Cloud product. Product-analytics data processed by PostHog is stored in the EU (Frankfurt, Germany).

Access to Customer Data

Only authorized Lively Apps employees and sub-processors from our support and development teams have access to Customer Data. Such sub-processors are contractually bound, under the GDPR, to the same data security and privacy standards that apply to us.

Subcontractors

A current and complete list of the sub-processors we engage can be found in Annex 5 – Sub-processors of our Data Processing Addendum.

End of subscription

If a customer unsubscribes from our Cloud App, we mark stored Customer Data for deletion. The data is deleted after 180 days at the latest if the customer does not re-subscribe. A customer can contact us to request earlier deletion.

Your rights

As a data subject you have the right of access, rectification, erasure, restriction of processing, data portability, and the right to object (Art. 15–21 GDPR), as well as the right to lodge a complaint with a supervisory authority. To exercise these rights, contact privacy@livelyapps.com. The supervisory authority competent for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

Version and amendments

This statement is current as of July 2026. We may update it to reflect changes to our services or legal requirements; the current version is always available on this page.