Privacy Policy
Last updated: March 27, 2026
1. Introduction
Samurai Labs ("we", "us", "our") is a sole proprietorship operated by Krisztian Banhidy, based in Istanbul, Turkey. We develop and publish productivity and analytics apps for the Atlassian Marketplace under the Samurai Labs brand.
This Privacy Policy describes how the following apps ("the Apps") collect, store, process, and protect your data when you install and use them through the Atlassian Marketplace:
- CostLens — FinOps and cost analytics for Jira
- GuardRail — Security audit and compliance for Jira
- SmartTag for Jira — AI-assisted issue tagging and taxonomy
- SmartTag for Confluence — AI-assisted content classification
- PagePulse — Content health and lifecycle management for Confluence
- ServiceCost — Service cost tracking and allocation for Compass
All Apps run exclusively on the Atlassian Forge platform. This means your data is processed and stored within Atlassian's own infrastructure — we operate no external servers and have no direct access to your data outside of what the Forge runtime exposes during execution.
2. Data We Access
Each app accesses only the data necessary to provide its functionality. The following table summarises what data each category of app accesses:
| App | Data Accessed |
|---|---|
| CostLens, ServiceCost (Cost & FinOps) | Jira user display names and account IDs; project metadata; Atlassian license seat data; cost figures, budgets, and allocation data entered by administrators. |
| GuardRail (Security & Compliance) | Jira audit log events; user activity metadata; IP addresses associated with login and action events; permission configurations; issue metadata used for risk scoring. |
| PagePulse (Content Health) | Confluence page titles, IDs, and metadata; last-modified timestamps; page view counts; outbound link URLs; content health metrics and user-assigned ownership data. |
| SmartTag for Jira (AI Tagging) | Jira issue summaries and descriptions (for AI classification); existing labels and components; project context; issue history metadata. |
| SmartTag for Confluence (AI Classification) | Confluence page content (for AI-based labeling and taxonomy); page titles and space metadata; existing labels; content quality metrics. |
We do not access personal communications, passwords, payment information, or any data outside the scopes listed above and declared in each app's Atlassian Marketplace listing.
3. How We Store Data
All persistent data is stored exclusively within the Atlassian Forge platform using two Forge-native storage mechanisms:
- Forge SQL — a managed relational database provided by Atlassian. Each app's data is tenant-isolated by the Forge runtime: data from your Atlassian site is inaccessible to any other tenant's installation of the same app.
- Forge KVS (Key-Value Store) — used for app settings, caches, and lightweight configuration data. Also tenant-isolated by the Forge platform.
We operate no external databases, no third-party storage services, and no proprietary servers. Data does not leave Atlassian infrastructure.
4. Data Processing
Data accessed by our apps is processed solely to deliver the app's functionality:
- Analytics and scoring: CostLens, ServiceCost, and PagePulse compute aggregated metrics, trends, and health scores from the data they access. These calculations happen within the Forge runtime and results are stored back to Forge SQL.
- Security analysis: GuardRail processes audit logs to detect anomalies, calculate risk scores, and generate compliance reports. All processing occurs within your Atlassian tenant's Forge environment.
- AI classification: SmartTag apps pass content to Atlassian-hosted language models to generate tag and label suggestions. See Section 5 for details.
We do not use your data for our own business analytics, advertising, or any purpose beyond operating the specific feature you invoked.
5. AI Data Processing
SmartTag for Jira and SmartTag for Confluence include AI-assisted features for automatic content classification and tag suggestion.
Specific safeguards we apply to AI processing:
- Issue summaries are truncated to 500 characters before passing to the model.
- Issue descriptions are truncated to 2,000 characters.
- Confluence page content is limited to 100,000 characters per processing call.
- Atlassian's Forge LLM infrastructure does not persistently train on customer data. Your content is used only to generate a response for the immediate request.
- No AI inference is performed on data outside of explicitly AI-powered features.
6. Third-Party Sharing
We do not share, sell, license, or transmit your data to any third party. This includes:
- No analytics or telemetry services (e.g., Google Analytics, Mixpanel, Segment)
- No advertising networks
- No external AI or machine learning APIs
- No data brokers or resellers
- No subcontractors with data access
The only external party involved in any data processing is Atlassian itself, which hosts the Forge platform. Atlassian's own privacy practices govern that infrastructure and are described in Atlassian's Privacy Policy.
7. Data Retention
Data stored by our apps persists for as long as the app is installed on your Atlassian site. When you uninstall an app, the Forge platform triggers an uninstallation lifecycle event. All our apps respond to this event by purging all tenant data from Forge SQL and Forge KVS.
All apps also include privacy event triggers that process data deletion requests in accordance with Atlassian's privacy framework. These triggers run automatically and handle the removal of user-level data when an Atlassian admin submits a data deletion request through the Atlassian admin portal.
8. Your Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data protection laws, you may have the following rights with respect to personal data we process:
- Right of access: You may request a description of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate data.
- Right to erasure: You may request deletion of your personal data (see Section 9).
- Right to data portability: Where applicable, you may request your data in a machine-readable format.
- Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
- Right to object: You may object to certain types of processing.
To exercise any of these rights, contact us at support@banhidy.hu. We will respond within 30 days. Note that because all data storage is within Atlassian infrastructure, some requests may need to be handled jointly with Atlassian's own data subject request process.
9. Data Deletion
You have two ways to request deletion of your data:
- Uninstall the app: Uninstalling any of our apps from your Atlassian site triggers automatic deletion of all associated tenant data from Forge SQL and Forge KVS. This is the fastest and most complete deletion method.
- Email request: Contact us at support@banhidy.hu with the subject "Data Deletion Request", including your Atlassian site URL and the app name(s) involved. We will process your request within 30 days.
10. Children's Privacy
Our apps are professional business tools designed for use by organisations and their employees within the Atlassian ecosystem. They are not directed at, and are not intended for use by, individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child's data has been processed by our apps, please contact us at support@banhidy.hu and we will take immediate steps to address it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our apps, the Forge platform, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Your continued use of our apps after changes are posted constitutes your acceptance of the updated policy.
12. Contact
For any privacy-related questions, requests, or concerns, please contact:
- Email: support@banhidy.hu
- Operator: Krisztian Banhidy, Samurai Labs
- Location: Istanbul, Turkey