Data Processing Agreement

Redmoon Software Ltd

Version1.0
Effective date30 May 2026
Last updated30 May 2026

1. Introduction

This Data Processing Agreement (“DPA”) forms part of, and is incorporated into, the agreement between Redmoon Software Ltd (“Redmoon”, “we”, “us”, the “Processor”) and the customer (“Customer”, “you”, the “Controller”) under which the Customer subscribes to and uses any of Redmoon’s Jira Cloud applications (the “Apps” and, together, the “Service”).

This DPA reflects Redmoon’s commitment to comply with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, “EU GDPR”), the UK GDPR and the UK Data Protection Act 2018 (together “UK GDPR”), and any other applicable data protection legislation (collectively, “Data Protection Laws”).

Where there is any conflict between this DPA and the main service agreement on the subject of personal data processing, this DPA prevails.

Acceptance. This DPA is incorporated by reference into the main service agreement. By subscribing to or continuing to use the Service, the Customer accepts this DPA on behalf of itself and, where applicable, the legal entity it represents. No signature is required for this DPA to take effect. A countersigned copy referencing the version and effective date above is available to Customers whose procurement processes require one — see Section 15 (Contact).

Scope note. This DPA applies to Redmoon’s Jira Cloud apps. For Jira Data Center editions of Redmoon apps, all app data is stored inside the Customer’s own Jira Data Center instance and Redmoon has no servers in the data path; in that case Redmoon does not act as a processor of personal data on the Customer’s behalf and this DPA does not apply.

2. Definitions

Unless otherwise defined here, capitalised terms have the meaning given to them in Data Protection Laws.

  • Personal Data — any information relating to an identified or identifiable natural person that is Processed by Redmoon on behalf of the Customer under the Service.
  • Processing (and Process) — any operation performed on Personal Data, whether automated or not, including collection, recording, storage, retrieval, reading, use, transmission, erasure or destruction.
  • Controller — the entity that determines the purposes and means of the Processing of Personal Data. Under this DPA, the Customer is the Controller.
  • Processor — the entity that Processes Personal Data on behalf of the Controller. Under this DPA, Redmoon is the Processor.
  • Sub-processor — any third party engaged by Redmoon to Process Personal Data in connection with the Service.
  • Data Subject — the individual to whom Personal Data relates.
  • Personal Data Breach — a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
  • Standard Contractual Clauses (SCCs) — the standard contractual clauses for the transfer of personal data to third countries approved by the European Commission, and/or the UK International Data Transfer Agreement or UK Addendum, as applicable.

3. Scope and Roles

  • The Customer is the Controller of the Personal Data Processed through the Service. The Customer determines the purposes and means of Processing within its own Jira Cloud environment.
  • Redmoon is the Processor, and Processes Personal Data only on documented instructions from the Customer, as set out in this DPA, the main service agreement, and the Customer’s configuration and use of the Apps.
  • Redmoon will not Process Personal Data for any purpose other than performing the Service, unless required to do so by law, in which case Redmoon will (where legally permitted) inform the Customer of that legal requirement before Processing.

4. Details of the Processing

The subject matter, nature, purpose and duration of the Processing, the types of Personal Data and the categories of Data Subjects are set out in Annex I to this DPA.

In summary:

  • Categories of Data Subjects — Jira users of the Customer’s Jira Cloud site, including issue assignees, reporters, commenters, watchers and other named users.
  • Categories of Personal Data — user account identifiers and display names, and any personal data contained in Jira issue and comment content, attachments, templates, field definitions, watcher rules and audit/log entries that the Customer chooses to process through an App.
  • Purpose — to provide the functionality of the relevant App (for example: managing issue templates, defining custom fields, recording comment history, securing or moving attachments and issues, and managing watchers and notifications).
  • Duration — for the duration of the Customer’s subscription to and use of the relevant App, subject to the deletion and return provisions in Section 11.

5. Processing Location and Infrastructure

Redmoon’s Cloud apps use one of three architectures, and the location where Personal Data is Processed depends on which architecture the relevant App uses. The current architecture for each App is listed in Annex III.

  1. Fully Forge-native apps. Both the user interface and the data storage live entirely on Atlassian Forge infrastructure inside the Customer’s own Atlassian Cloud site. No app data crosses Atlassian’s boundary into a Redmoon-controlled server. Redmoon’s role is to publish the App code; Atlassian Forge runs the code and stores the data.

  2. Forge frontend with Redmoon backend (transitional). The user interface runs on Atlassian Forge inside the Customer’s Atlassian Cloud site, but App configuration data and core processing run on Redmoon-controlled servers. The Forge frontend communicates with the Redmoon backend through Forge remote calls over HTTPS; the Redmoon backend reads and writes Jira data by calling back into the Customer’s Jira Cloud instance using OAuth 2.0 under the Atlassian Connect / Forge authentication framework. Redmoon is actively migrating these apps to Forge-native storage and processing.

  3. Connect apps (legacy). The user interface is served from a Redmoon-controlled server and rendered as an iframe inside Jira Cloud; data and processing also live on the Redmoon backend. Authentication with the Customer’s Jira Cloud instance uses OAuth 2.0 under Atlassian’s Connect framework, and all traffic is HTTPS.

All Redmoon Jira Cloud apps are installed through the Atlassian Marketplace using Atlassian’s standard install flow, and the Customer sees exactly which scopes an App requests at install time. The Atlassian Forge platform governs which scopes a backend is permitted to use.

Issue text, comment text, user account data and the rest of the Jira data model live only in the Customer’s Jira Cloud instance. Apps read or write that data as needed via the Jira REST API but do not store copies of the Jira data model itself; for backend apps, only the App-specific configuration and App-generated artefacts described in Annex I are stored on Redmoon’s servers, and for Forge-native apps that data is stored inside the Customer’s Atlassian Cloud site using Forge storage APIs.

App data REST APIs. Certain Apps additionally expose a REST API that allows the Customer (or systems acting on the Customer’s behalf) to query the App’s own data — that is, the App-specific configuration and artefacts described in Annex I, not the general Jira issue/comment/user data model:

  • Custom Fields exposes a REST API to query the App’s stored data (e.g. custom field definitions) held on the Redmoon backend. Access is authenticated using API keys issued to the Customer.
  • Document Vault (Cloud) stores all of its data inside the Customer’s Atlassian Cloud site (via Forge storage) and offers a Forge REST API to access that data.

The Customer is responsible for safeguarding any API keys issued to it, restricting their distribution, and rotating or revoking them as appropriate; Redmoon will revoke a key on the Customer’s request.

6. Security Measures

Redmoon implements appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction or damage, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of Processing. These measures are described in Annex II and include, in summary:

Technical measures

  • Encryption in transit — all communication is HTTPS only. Redmoon never sends or receives Jira data in plaintext. This applies to the browser-to-Forge-UI leg, the Forge-UI-to-Redmoon-backend leg (transitional apps only), and the Redmoon-backend-to-Jira-Cloud-REST-API leg.
  • Authenticated API access — all access to Jira data is performed via the Jira REST API authenticated with OAuth 2.0 under Atlassian’s Connect / Forge framework, restricted to the scopes shown to the Customer at install time.
  • Isolated, managed execution — Forge-native apps run within Atlassian’s platform isolation; Redmoon backends run on managed cloud infrastructure (see Annex II and Annex III).
  • Encryption at rest — App data stored by Redmoon backends and by Forge storage benefits from at-rest encryption provided by the underlying platforms.

Organisational measures

  • Access to Redmoon-controlled servers and stored App data is restricted to members of Redmoon’s support team, and is exercised only when investigating a specific support request. Redmoon does not browse Customer data outside of explicit support work.
  • For fully Forge-native apps, no Redmoon staff can access App data at all — it sits inside the Customer’s Atlassian Cloud site and is governed by Atlassian’s own access controls.
  • Source code access is restricted to authorised Redmoon personnel, who are bound by confidentiality obligations.

7. Processor Obligations

Redmoon will:

  1. Process only on instructions — Process Personal Data only on the Customer’s documented instructions, including with regard to international transfers, unless required to do otherwise by applicable law.
  2. Confidentiality — ensure that persons authorised to Process Personal Data are bound by appropriate confidentiality obligations.
  3. Security — implement and maintain the technical and organisational measures described in Section 6 and Annex II.
  4. Sub-processors — engage Sub-processors only in accordance with Section 9, and impose data protection obligations on them that are no less protective than those in this DPA.
  5. Assistance with Data Subject rights — taking into account the nature of the Processing, assist the Customer by appropriate technical and organisational measures, insofar as possible, in responding to requests from Data Subjects exercising their rights under Data Protection Laws (Section 8).
  6. Assistance with compliance — assist the Customer in ensuring compliance with its obligations relating to security of Processing, Personal Data Breach notification, data protection impact assessments and prior consultation, taking into account the information available to Redmoon.
  7. Breach notification — notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting the Customer’s Personal Data, and provide information reasonably required to enable the Customer to meet its own breach-notification obligations.
  8. Deletion or return — at the Customer’s choice, delete or return Personal Data on termination of the Service, in accordance with Section 11.
  9. Audit information — make available to the Customer information reasonably necessary to demonstrate compliance with this DPA, and contribute to audits as set out in Section 10.

8. Controller Obligations and Data Subject Rights

The Customer, as Controller, will:

  1. Ensure that it has a valid lawful basis for the Processing of Personal Data through the Service.
  2. Provide any required notices to, and obtain any required consents from, Data Subjects.
  3. Be responsible for the accuracy, quality and legality of the Personal Data and the means by which it acquired the Personal Data.
  4. Comply with all Data Protection Laws applicable to it as Controller, and issue instructions to Redmoon that comply with Data Protection Laws.

Data Subject rights. The Personal Data Processed through the Service originates in, and (other than App-specific configuration and artefacts) is stored in, the Customer’s own Jira Cloud instance, which the Customer controls directly. Where a Data Subject exercises a right of access, rectification, erasure, restriction, portability or objection that requires action on App data held by Redmoon, Redmoon will, taking into account the nature of the Processing, provide reasonable assistance to enable the Customer to fulfil the request.

9. Sub-processors

The Customer provides general authorisation for Redmoon to engage the Sub-processors listed in Annex III for the Processing of Personal Data.

Redmoon imposes contractual data protection obligations on each Sub-processor that are no less protective than those set out in this DPA, and remains responsible to the Customer for the performance of each Sub-processor’s obligations.

Redmoon will inform the Customer of any intended addition or replacement of a Sub-processor, giving the Customer a reasonable opportunity to object on reasonable data-protection grounds. The current Sub-processors in the Cloud data path are:

  • Atlassian — operates Jira Cloud and the Atlassian Forge platform.
  • Google Cloud Platform (Google App Engine) — hosts Redmoon-controlled backends for the apps that still use that architecture.

Redmoon does not share Customer data with third parties beyond what is necessary to deliver the Service.

10. Audit

Redmoon will make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA and the Customer’s obligations under Data Protection Laws, including providing, on request, a copy of this statement, an up-to-date Sub-processor list and app-specific scope information.

Where an audit is required, the parties will agree in advance on its reasonable scope, timing and duration, conducted so as not to disrupt Redmoon’s operations or the security and confidentiality of other customers’ data. Redmoon may satisfy an audit request by providing relevant third-party certifications and reports held by it or by its Sub-processors (for example, those published by Atlassian and Google Cloud Platform).

11. International Data Transfers

Redmoon Software is established in New Zealand. Customers are located in, among other places, the United Kingdom and the European Economic Area (EEA). Depending on the App architecture (Annex III):

  • For Forge-native apps, Personal Data remains within the Customer’s Atlassian Cloud site and is processed in Atlassian’s data centres, governed by Atlassian’s Data Processing Addendum and Atlassian’s data residency configuration.
  • For apps with a Redmoon backend, App configuration data and artefacts are stored on Google Cloud Platform (Google App Engine) infrastructure located on the East Coast of the United States, and may be accessed by Redmoon from New Zealand for support and operation of the Service.

Adequacy (New Zealand access). New Zealand has been recognised as providing an adequate level of data protection by the European Commission and, for UK GDPR purposes, by the United Kingdom. Accordingly, access to Personal Data by Redmoon in New Zealand is made on the basis of those adequacy decisions.

United States storage (Redmoon-backend apps). Because the Redmoon backend stores App data on Google Cloud Platform infrastructure in the United States, transfers of Personal Data from the UK or the EEA to that infrastructure are made under the applicable Standard Contractual Clauses and/or the UK International Data Transfer Agreement or UK Addendum (and, where applicable, the EU–US / UK Data Privacy Framework as operated by Google), together with the data transfer terms of the relevant Sub-processors (including Atlassian’s DPA and Google Cloud’s data processing and transfer terms), which are incorporated by reference. These transfer mechanisms do not apply to fully Forge-native apps, whose data remains within the Customer’s Atlassian Cloud site under Atlassian’s data residency configuration.

12. Liability

Each party’s liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the main service agreement. Each party is liable for its own breaches of this DPA and of applicable Data Protection Laws.

13. Term and Termination

This DPA takes effect when the Customer begins using the Service and remains in force for as long as Redmoon Processes Personal Data on the Customer’s behalf.

On termination or expiry of the Service, or on the Customer’s earlier request:

  • For Forge-native apps, App data is deleted from the Customer’s Atlassian Cloud site in accordance with Atlassian Forge’s data retention and uninstall behaviour.
  • For apps with a Redmoon backend, Redmoon will, at the Customer’s choice, delete or return the App configuration data and App-generated artefacts it holds, save to the extent that retention is required by applicable law.

Redmoon does not retain copies of the Customer’s Jira issue, comment or user account data, as that data lives only in the Customer’s Jira Cloud instance.

14. Governing Law and Jurisdiction

This DPA is governed by the laws of New Zealand, without regard to conflict-of-laws principles, and the courts of New Zealand have exclusive jurisdiction, unless the main service agreement specifies otherwise, in which case the governing law and jurisdiction of the main service agreement apply. This does not deprive a Data Subject of the protection afforded to them by the mandatory provisions of the Data Protection Laws applicable in their jurisdiction.

15. Contact

Questions about this DPA, requests for a signed copy, the Sub-processor list, or app-specific scope information should be directed to Redmoon Software’s support team at support@redmoonsoftware.com.

16. Amendments

Redmoon may update this DPA from time to time to reflect changes in applicable law, in the Sub-processors or infrastructure used, or in the functionality of the Apps. Material changes will be communicated through Redmoon’s standard channels. Continued use of the Service after an update takes effect constitutes acceptance of the updated DPA.

Annex I — Details of Processing

Subject matter: Provision of Redmoon’s Jira Cloud applications to the Customer.

Duration of Processing: For the term of the Customer’s subscription to and use of the relevant App, plus any period required for deletion or return under Section 13.

Nature and purpose of Processing: Collection, storage, retrieval, reading, use, transmission and deletion of Personal Data as necessary to provide the functionality of each App (issue templates, custom fields, comment history logging, attachment/document security, issue movement, admin access restriction and watcher/notification management).

Categories of Data Subjects:

  • Jira users of the Customer’s Jira Cloud site, including issue assignees, reporters, commenters, watchers and other named users.

Categories of Personal Data:

  • Atlassian site identifier (to distinguish one Customer’s Jira Cloud site from another).
  • User account identifiers and display names.
  • App-specific configuration (e.g. template and executor definitions, custom field definitions, vault membership lists, watcher rules).
  • App-generated artefacts (e.g. audit / error logs, comment history change-log entries, uploaded files where applicable).
  • Any Personal Data contained within Jira issue or comment content that an App reads or writes via the Jira REST API.

Special categories of Personal Data: None intended to be Processed. The Customer should not configure the Apps to process special-category data unless it has ensured an appropriate lawful basis and safeguards.

Frequency of Processing: Continuous, for the duration of the Customer’s use of the Service.

Annex II — Technical and Organisational Security Measures

AreaMeasures
Encryption in transitHTTPS only on all communication legs (browser → Forge UI; Forge UI → Redmoon backend for transitional apps; Redmoon backend → Jira Cloud REST API). No Jira data sent or received in plaintext.
Encryption at restAt-rest encryption provided by the underlying platforms (Atlassian Forge storage for Forge-native apps; Google Cloud Platform for Redmoon backends).
Authentication & authorisationOAuth 2.0 under Atlassian’s Connect / Forge framework for all Jira data access; access limited to the scopes presented to the Customer at install time and governed by the Forge platform. App data REST APIs (currently Custom Fields and Document Vault Cloud) are authenticated with Customer-issued API keys over HTTPS, and operate only on App stored data — not the Jira data model.
Access control (people)Backend server and stored-data access restricted to Redmoon’s support team and used only for explicit support investigation; no routine browsing of Customer data. For Forge-native apps, no Redmoon staff can access App data.
IsolationForge-native apps run within Atlassian’s platform isolation; Redmoon backends run on managed cloud infrastructure with platform-level isolation.
Source code controlsSource code access restricted to authorised personnel bound by confidentiality obligations.
Hosting & resilienceRedmoon backends run on Google Cloud Platform (Google App Engine), providing multi-data-centre redundancy and an industry-standard uptime SLA. Forge-native storage runs on Atlassian’s platform under Atlassian’s published security and compliance programme.
Breach responseNotification to the Customer without undue delay after becoming aware of a Personal Data Breach, with information needed to support the Customer’s own notification obligations.

Annex III — Sub-processors and App Architecture

Sub-processors

Sub-processorRoleLocation of Processing
AtlassianOperates Jira Cloud and the Atlassian Forge platformAtlassian data centres (per Customer’s Atlassian data residency configuration)
Google Cloud Platform (Google App Engine)Hosts Redmoon-controlled backends for transitional and Connect appsUnited States (East Coast)

App architecture (as at the date of this DPA)

AppCloud architecture
Comment HistoryForge-native — UI and data both inside the Customer’s Atlassian Cloud site
Document VaultForge-native — UI and data both inside the Customer’s Atlassian Cloud site
Move ItForge-native — UI and data both inside the Customer’s Atlassian Cloud site
STM Issue TemplatesForge frontend + Redmoon backend (HTTPS + OAuth); migrating to Forge
Custom FieldsForge frontend + Redmoon backend (HTTPS + OAuth); migrating to Forge
Watch ItForge frontend + Redmoon backend (HTTPS + OAuth); migrating to Forge
STM LiteConnect app — UI and data on Redmoon backend
Comment Security DefaultNo Cloud release at present; Forge-native Cloud version expected
Secure AdminData Center only; no Cloud release

For an up-to-date answer for a specific App, contact support@redmoonsoftware.com and Redmoon will confirm the current state of that App.