Privacy Policy

Effective Date: May 30, 2026 · Last Updated: June 4, 2026

In one line: Spec2Tickets is a Forge app that runs entirely on Atlassian's platform and, once configured, uses your own Anthropic API key (Bring Your Own Key). In this BYOK model, AI processing happens under your agreement with Anthropic, and Spec2JIRA operates no backend and never receives your data on its own servers. During your free trial, you can start on our Anthropic key — a small welcome credit — before adding your own; see Managed AI processing for how we handle your data then.
Naming: the app is published on the Atlassian Marketplace as Spec2Tickets; Spec2JIRA is the vendor name (and this site's domain). They are the same product.

1. Overview

Spec2Tickets for Confluence and Jira ("the App") converts a Confluence page into a structured Jira breakdown — an Epic, Stories, Subtasks, and dependency links. This Privacy Policy explains what data the App handles and how.

2. Architecture and Data Flow

The App runs entirely on the Atlassian Forge platform — there is no Spec2JIRA-operated server or backend. It has two external touch-points:

Spec2JIRA operates no server or database of its own, so it stores no content on Spec2JIRA-operated infrastructure. Under BYOK, the only parties that handle your content are Atlassian (the Forge platform your instance runs on) and Anthropic (under your own API key).

During your free trial, Spec2Tickets may additionally call Anthropic under its own account (a welcome credit) to generate your breakdown — still from Atlassian Forge, with no vendor server. This managed processing is described below and in our DPA.

3. Data the App Processes

4. AI Processing and Anthropic (Bring Your Own Key)

The App does not run its own AI models and does not use a shared AI service. All AI processing is performed by Anthropic's Claude via the Anthropic API, authenticated with the API key you provide. Because the key is yours:

If no Anthropic API key is configured, the App cannot generate a breakdown and no page content is sent beyond Atlassian.

Managed AI processing (during your free trial)

During your free trial, Spec2Tickets can run Claude for you on our own Anthropic account — so you can try the App before supplying your own key. This uses a small welcome credit; once that credit is used, or as soon as you configure your own Anthropic key, the App switches to Bring-Your-Own-Key (BYOK) and the rest of this policy applies. Because managed processing changes who processes your content, we summarise its data handling here.

While Spec2Tickets runs Claude for you on our own account (the welcome credit), the data handling differs from BYOK in these specific, disclosed ways:

5. Data Storage and Retention

The App stores data only in Atlassian Forge Key-Value Storage, inside your own Atlassian instance's app storage (encrypted and managed by Atlassian):

Spec2JIRA keeps no copy of your content on any Spec2JIRA-operated system, because there is none.

6. Data Spec2JIRA Does NOT Have

Spec2JIRA, as the vendor, operates no server or database of its own. Under BYOK (your own key), it does not receive, store, or have access to:

During your free trial, while Spec2Tickets calls Anthropic under its own account (managed processing), it still runs no server of its own and stores no content on vendor infrastructure; it acts as a processor of that content on your instructions. See the Managed AI processing section and our DPA for its role and retention details.

7. Sub-processors and Third Parties

The App sends data to no other external service. Its only configured network egress is to api.anthropic.com.

8. Data Residency

The App runs within the Atlassian Forge platform. AI processing occurs in Anthropic's API regions per your Anthropic account. Your source content remains in your Atlassian instance, under your control.

9. GDPR

You (the customer) are the data controller for any personal data in your Confluence pages and Jira projects. Under BYOK, Anthropic processes the content you choose to send under your own agreement with Anthropic, and Spec2JIRA is neither a controller nor a processor of that content (it operates no systems that receive it). In all cases, Spec2JIRA stores no end-user content on its own systems.

During your free trial (managed processing), Spec2Tickets acts as your processor and Anthropic as its sub-processor, governed by our Data Processing Addendum; your data-subject rights are supported as set out there.

Spec2JIRA holds no personal data on its own systems — it operates none. Under BYOK, your data resides in your Atlassian instance and, transiently, with Anthropic under your own key — both of which you control. During the free trial, that transient AI processing runs under our Anthropic account instead, subject to the DPA and to Anthropic's retention schedule (about 29 days); it is still stored on no Spec2JIRA-operated system.

10. Security

11. Access Control

Reading pages and creating issues use the signed-in user's own Atlassian permissions (asUser) — users can only act on content they already have access to. Configuration (the Anthropic API key and default project key) is set by an Atlassian administrator via Settings → Spec2Tickets.

12. Children's Privacy

The App is intended for professional software teams and is not directed to individuals under the age of 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes are posted on this page with an updated date; material changes will also be noted on the Atlassian Marketplace listing.

14. Contact

For questions about this Privacy Policy or the App's data practices: