Effective date: March 1, 2026
This Privacy Policy explains how Phoebuz ("we," "us," or "our"), operating at phoebuz.com, collects, uses, stores, and protects personal data when you use ASYNC, our engineering intelligence platform built on Atlassian Forge for Jira Cloud.
We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection legislation. By installing or using ASYNC, you acknowledge the practices described in this policy.
If you have any questions about this policy or our data practices, please contact us at info@phoebuz.com.
Phoebuz acts as a data processor on behalf of your organisation (the data controller) when processing data through ASYNC. For any data we process independently (e.g., account and billing information), Phoebuz acts as the data controller.
Contact details:
ASYNC collects and processes the following categories of data from your connected services to provide engineering intelligence insights:
We process your data under the following legal bases as defined by GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Providing ASYNC functionality and intelligence synthesis | Performance of a contract (Art. 6(1)(b)) |
| OAuth-based integration with third-party services | Legitimate interest (Art. 6(1)(f)) |
| AI/LLM processing for intelligence generation | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
ASYNC connects to third-party services through secure OAuth 2.0 flows. Each integration uses organisation-scoped tokens, meaning ASYNC only accesses resources within the scope your organisation administrator has authorised.
OAuth tokens are encrypted and stored securely within Atlassian Forge Storage. You may revoke ASYNC's access at any time through the respective service's application management settings or through ASYNC's configuration panel in Jira.
All data processed by ASYNC is stored in Atlassian Forge Storage, which provides:
ASYNC may process your engineering data using large language models (LLMs) and artificial intelligence services to generate intelligence summaries, risk assessments, and actionable insights. The following AI providers may be used:
api.anthropic.com.api.openai.com.generativelanguage.googleapis.com.When data is sent to these providers for processing:
ASYNC communicates with the following external services from within the Atlassian Forge runtime environment:
| Service | Endpoint | Purpose |
|---|---|---|
| GitHub | api.github.com |
Pull requests, commits, reviews, CI status |
| Slack | slack.com |
Channel messages, blocker signals |
| Zoom | api.zoom.us |
Meeting metadata, recordings, attendees |
| Anthropic | api.anthropic.com |
AI/LLM intelligence synthesis |
| OpenAI | api.openai.com |
AI/LLM intelligence synthesis |
| Google AI | generativelanguage.googleapis.com |
AI/LLM intelligence synthesis |
All external connections are declared in the ASYNC Forge app manifest and are restricted to the endpoints listed above. No other outbound connections are made.
ASYNC retains processed engineering data according to configurable retention periods based on your user tier:
| Tier | Retention Period |
|---|---|
| Small Teams (0–10 users) | 14 days |
| Growing Teams (11–250 users) | 30 days |
| Enterprise (251+ users) | 90 days |
After the retention period expires, data is automatically and permanently deleted from Forge Storage. Your organisation administrator may also manually trigger data deletion at any time from within ASYNC's settings.
Upon app uninstallation, all data stored in Forge Storage for your Jira Cloud site is deleted in accordance with Atlassian's Forge app data lifecycle policies.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under GDPR Articles 15 through 22:
To exercise any of these rights, please contact us at info@phoebuz.com. We will respond to your request within 30 days, as required by law. If your request is complex, we may extend this period by up to two additional months and will inform you of any such extension.
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
ASYNC does not use cookies, local storage, or any browser-based tracking mechanisms. As a Forge app, ASYNC runs entirely within Jira Cloud's sandboxed iframe environment and does not have the ability to set cookies or access browser storage outside of that iframe.
We do not use any third-party analytics, advertising trackers, or pixel-based tracking within the ASYNC application.
Your data may be processed in regions outside of your country of residence, including countries outside the EEA. When data is transferred internationally:
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
ASYNC is a business-to-business product designed for use by organisations and their employees. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us at info@phoebuz.com and we will promptly delete that data.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the functionality of ASYNC. When we make material changes:
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
We aim to resolve all privacy-related inquiries promptly and within the timeframes required by applicable data protection legislation.