> ## Documentation Index
> Fetch the complete documentation index at: https://docs.raleyapps.com/llms.txt
> Use this file to discover all available pages before exploring further.

# RaleyApps data security and privacy statement

> How RaleyApps add-ons for Jira and JSM access, process, store, and protect your data, including hosting locations, encryption, and GDPR compliance details.

This statement describes the data access, handling, and storage practices for all Raley add-ons. *Effective: November 4, 2022.*

## Hosting Infrastructure

All cloud-hosted systems run on **DigitalOcean** and **Amazon AWS** servers located in **Amsterdam** and the **USA**. Server access is limited to the RaleyApps support team.

* **Data retention after uninstall:** User-provided data is retained for up to 60 days, then permanently deleted.
* **Third-party sharing:** Data is never shared with third parties except as required by law.
* **Encryption:** All communications between the app and Jira use SSL and JWT encryption.
* **Google API compliance:** The apps comply with the Google API Services User Data Policy.

***

## Cloud-Hosted Apps

### Raley Emails Notifications

**Permissions:** READ, WRITE, ADMIN, ACCESS\_EMAIL\_ADDRESSES

**What it reads:**

* Jira issues, projects, and versions
* User data and email addresses from Jira groups and accounts

**What it stores:**

* Configuration data (including SMTP, Slack, or HipChat credentials if configured) — backed up for 30+ days
* When audit is enabled: writes a copy of sent notifications as private issue comments
* Does **not** persistently store the details of your Jira issues, projects, or versions

**Gmail OAuth:** When configured for Gmail, the app stores Message-ID headers and user name/email to enable email threading.

***

### Raley Intake Forms

**Permissions:** READ, WRITE, ADMIN

**What it does:**

* Reads issue and project metadata to build forms
* Creates Jira issues and JSM customers from form submissions

**What it stores:**

* Does **not** store submitted form data
* All iframe rendering is HTTPS-protected
* Communications secured via SSL and JWT
* Configuration backed up for 30+ days

***

### Raley Procurement for Jira & JSM

**Permissions:** READ, WRITE, ADMIN, ACCESS\_EMAIL\_ADDRESSES

**What it stores:**

* Workflow statuses, project keys, issue keys, and quantitative PO data (line amounts, summaries)
* Does **not** store private user information
* Configuration backed up for 30+ days

***

### Raley Bookman

**Permissions:** READ, WRITE, DELETE

**What it reads:** Jira issues matching configured JQL queries; JSM Assets workspace information

**What it stores:**

* App-specific booking attributes attached to Jira issues/JSM requests
* Does **not** store private user information
* 30+ day backup retention

***

## Server-Hosted Apps

### Raley Notifications (Server)

**Permissions:** READ and WRITE access to issues, attachments, projects, and users on the host Jira server.

**What it stores:**

* All configuration is stored locally on your Jira server — no data is transmitted to external systems or third parties
* RaleyApps does not collect installation data from server instances
* Disaster recovery relies on your Jira server's own database backup

***

## Questions?

For data or privacy questions, contact us at [support@raleyapps.com](mailto:support@raleyapps.com).
