Privacy and Security Policy

Privacy Policy

Last updated: 26 Mar 2026

Summary: Fast Estimate runs on Atlassian Forge. Standard app data and saved estimation data are stored in Forge storage for your Jira site. The optional AI estimation feature (“Fast Estimate AI”) sends selected issue content and related user inputs to OpenAI (https://api.openai.com) API solely to generate the requested estimate. We do not operate our own separate external database for this App.

1. Who we are

Controller / Provider: Software Dirk Sandhorst (“we”, “us”)
Contact: privacy@itc-sandhorst.de
Address: Wendlohstr. 185B, 22459 Hamburg, Germany

If you have privacy questions, contact us at the email above.

2. Scope

This Privacy Policy explains how Fast Estimate (“App”) processes data when installed and used in Jira Cloud via the Atlassian Marketplace.

It covers both the standard estimation functionality running on Atlassian Forge and the optional AI-supported estimation functionality (“Fast Estimate AI”). The AI functionality is only used when a user actively invokes it.

3. Data we process

Depending on how you use the App, we may process the following categories of data from your Jira site:

A) Jira project and issue data (read-only unless you explicitly trigger creation features)

Project key and project identifiers
Issue identifiers (issue id, issue key)
Issue fields used for display or selection (e.g., summary, issue type, status, hierarchy level, parent references)

B) Estimation data entered by users in the App

Work package titles
Estimation values (e.g., min/max/guess, uncertainty percentages, derived/calculated values)
Configuration settings (e.g., activity factors, calculation method, units, hours-per-point)

C) Data processed for the optional AI estimation feature (“Fast Estimate AI”)

Issue summary / title
Issue description
User answers to AI follow-up questions during the estimation workflow
The consolidated prompt generated from the issue content and user answers for estimating effort
Optional project description entered by the user
Estimation preferences and settings entered by the user, for example whether output should be in story points or time duration

D) Technical and operational data (minimal)

Timestamps (e.g., last saved time)
App-internal identifiers needed to store and retrieve records
Basic logs for troubleshooting (if enabled)

We do not intentionally collect sensitive personal data. Please do not enter sensitive personal information into free-text fields.

4. Purposes of processing

Provide the App’s functionality (create, display, and store effort estimates)
Load and present selected Jira issues for estimation
Generate AI-supported effort estimates when a user explicitly uses the optional Fast Estimate AI feature
Save and retrieve estimation configurations for your project
Maintain security, prevent abuse, and troubleshoot issues

5. Legal basis (GDPR)

Where GDPR applies, we process data:

To perform the contract (providing the App’s requested functionality), and/or
Legitimate interests (operating, securing, and improving the App), and/or
Your consent where required (e.g., optional features you enable).

Your organization is typically responsible for ensuring it has the right to use Jira data with Marketplace apps.

6. Data storage and location

Fast Estimate runs on Atlassian Forge. Data entered into the App is stored using Forge storage associated with your Jira site and the App installation. We do not operate our own separate external database for this App.

For the optional Fast Estimate AI feature, certain data required to generate an estimate is transmitted to the OpenAI (https://api.openai.com) API for processing. This may include the issue summary/title, issue description, user answers to AI questions, the consolidated prompt, an optional project description, and selected estimation settings. This transmission occurs only when a user invokes the AI estimation feature.

Unless separately stated in the App or agreed otherwise, the App itself is not designed to persist such AI request content in an external database operated by us outside Atlassian Forge. However, data sent to third-party providers is processed on their systems in order to provide the requested response and is subject to their applicable service environment and terms.

7. Data sharing

We do not sell your data. We disclose or make data available to third parties only as necessary to provide the App and related services, for example:

Atlassian, as the platform provider for Forge and Jira Cloud services;
OpenAI (https://api.openai.com), as a service provider / processor for the optional Fast Estimate AI feature, solely for the purpose of generating the requested estimate when that feature is used; and
Other service providers strictly necessary for operating our business (e.g., email or support tooling), where applicable.

Processing by third-party providers is subject to the contractual, technical, and organizational arrangements applicable to the respective service.

8. Data retention

We retain stored estimation data in Forge until:

You delete it via the App (if available), or
The App is uninstalled, or
Your organization requests deletion (see “Your rights”).

We may retain minimal logs for a limited period for security and troubleshooting.

Where data is sent to the OpenAI (https://api.openai.com) API for the optional Fast Estimate AI feature, retention on third-party systems, if any, is determined by the applicable provider configuration, contractual terms, and technical service environment rather than by a separate storage system operated by us.

9. Security

We implement appropriate technical and organizational measures to protect data, taking into account the nature of the App and the services used. However, no method of transmission or storage is 100% secure.

10. Your rights

Where applicable, you may have rights to access, correct, delete, or restrict processing of personal data. To exercise rights, contact us at privacy@itc-sandhorst.de. We may need information to verify the request and the relevant Jira site.

11. International transfers

If data is processed outside your country (for example through Atlassian’s cloud infrastructure or through the OpenAI (https://api.openai.com) API used for the optional Fast Estimate AI feature), such transfers take place under the safeguards and transfer mechanisms made available by the relevant service providers, where applicable.

12. Changes

We may update this policy from time to time. We will update the “Last updated” date above.

13. Contact

For privacy questions or requests: privacy@itc-sandhorst.de

Security Policy

Last updated: 26 Mar 2026

This Security Policy describes the technical and organizational measures used for Fast Estimate for Jira and explains how security issues can be reported.

1. Scope

This Security Policy applies to the Fast Estimate app for Jira Cloud provided by IT-Consulting Sandhorst.

2. Hosting and Platform

Fast Estimate is implemented as an Atlassian Forge app for Jira Cloud. Core app execution and storage use Atlassian Forge services and infrastructure where applicable.

3. Access Control

Access to administrative systems and related service accounts is restricted to authorized persons only.
Credentials and API secrets are handled with appropriate care and are not intentionally exposed in public source code or public documentation.
Access is granted on a least-privilege basis as far as reasonably practicable.

4. Data Protection and Encryption

Data transmitted between users, Atlassian Cloud, and external services is protected via transport encryption (HTTPS/TLS) where applicable.
For the optional Fast Estimate AI feature, only the information reasonably required to generate an effort estimate is sent to the OpenAI (https://api.openai.com) API. This may include issue summary/title, issue description, user answers to AI follow-up questions, a consolidated prompt, optional project description, and selected estimation settings.
The AI feature is user-initiated; the relevant data is sent externally only when the user invokes that feature.
Saved app data continues to use Atlassian Forge storage; no separate external database is operated by the app.
Sensitive information should not be entered into the app unless necessary and appropriate for the intended estimation use case.

5. Secure Development and Change Management

The app is maintained through version-controlled development processes.
Changes are tested before release as far as reasonably practicable.
Security-relevant fixes are prioritized appropriately.

6. Vulnerability Handling

Reported security issues are reviewed as quickly as reasonably possible. Confirmed vulnerabilities are assessed and addressed according to their severity and operational impact.

7. Incident Response

If a security incident affecting Fast Estimate is identified, reasonable steps will be taken to investigate, mitigate, and remediate the issue. Where legally required or operationally appropriate, affected parties will be informed.

8. Third-Party Services

Fast Estimate relies on Atlassian Forge platform services for hosting and storage. For the optional Fast Estimate AI feature, the app also uses the OpenAI (https://api.openai.com) API to process selected issue content and related user inputs for generating an estimate.

The use of such third-party services means that relevant request data is transmitted to systems outside Atlassian Forge for processing. This external processing is limited to the optional AI feature and does not change the fact that the App’s own persistent storage is based on Atlassian Forge unless otherwise stated.

The respective security and compliance controls of these providers apply to the services they operate.

If you want to report a security issue related to Fast Estimate, please contact: info@itc-sandhorst.de

Please do not include highly sensitive secrets or production credentials in initial vulnerability reports.

This Security Policy may be updated from time to time to reflect product, process, or legal changes. The current version will be published on this page.