Privacy Policy | Velozar Labs

Velozar Labs ("we", "us") is a software research and development firm based in India. We build specialized infrastructure tools for regulated industries.

This Privacy Policy is divided into two parts: General Practices (applicable to all interactions) and Product Specifics (applicable to specific software tools).

How the App Handles Your Data

Zero data egress by architecture. The NIS2 Compliance Monitor is built on Atlassian Forge, a platform where all app logic executes natively inside your Atlassian Cloud environment. Velozar Labs does not operate any servers that receive, process, store, or transmit your Jira data. Your incident records, report drafts, SLA timers, and compliance status exist only within your Atlassian Cloud instance and are subject to Atlassian's data processing terms, not ours.

Velozar Labs receives no telemetry, no issue content, no user data, and no compliance records from your Jira instance. The only information Velozar Labs receives from Atlassian is standard Marketplace licensing data (subscription status, instance ID) used to enforce the app license.

This architecture is verifiable: the app's Forge manifest and permission scopes are reviewed by Atlassian as part of the Marketplace submission process.

Data Minimization Principles

We believe that the safest data is data we do not collect. Across all our operations, we adhere to a strict policy of data minimization. We do not sell, rent, or trade user data to third parties for marketing purposes.

Website & Analytics

When you visit velozarlabs.com, we do not use third-party tracking cookies, pixels, or analytics services (like Google Analytics). Your visit is private.

Security Architecture

We implement industry-standard security controls, including code reviews, access restrictions, and encryption, to protect our infrastructure. Our security team is based in Uttar Pradesh, India.

Contact & DPO

For privacy inquiries, Data Processing Agreements (DPA), or security reporting, please contact:

Product: NIS2 Compliance Monitor for Jira

Platform: Atlassian Forge (Jira Cloud)

1. No-Egress Architecture
This application is built on the Atlassian Forge platform. We do not maintain external databases. We do not transmit, process, or store your Jira Issue Data (summaries, descriptions, attachments) on any server outside of your Atlassian Cloud instance.

2. Data Residency
All application data resides within the Atlassian Cloud infrastructure. If your Jira instance is hosted in the EU (e.g., Frankfurt), our application data remains in that region.

3. Configuration Storage
App settings are stored using the encrypted Atlassian Forge Storage API. No data is stored on Velozar Labs servers. The following data categories are stored within your Atlassian Cloud instance:

App configuration — entity name, sector, jurisdiction, contact name and email, officer group name, monitored project keys, monitored issue types, trigger keywords, priority thresholds, and notification settings
SLA timer timestamps — the Unix timestamp of the confirmed Moment of Awareness for each breach issue, keyed by Jira issue key
Draft report form data — per-stage Article 23 report fields saved by NIS2 Officers before final submission, including incident type, detection date, affected services, mitigation steps, and lessons learned
Per-issue deduplication keys — the last-processed webhook timestamp per issue, used to prevent duplicate breach notifications

All of the above is stored exclusively within your Atlassian Cloud instance and is never transmitted to Velozar Labs or any third party.

4. Payment Processing
Subscription billing for paid plans is handled exclusively by Atlassian Marketplace. Velozar Labs does not process, store, or have access to any payment card or financial information.

5. Data Subject Rights (GDPR)
Since this application stores app-specific configuration data linked to Atlassian Account IDs, we honour all Right to Erasure (Right to be Forgotten) requests. Manual deletion requests for app-specific configuration data can be submitted to support@velozarlabs.com and will be processed within 30 days.