KUBERSTARKUBERSTAR
FileWarden · Privacy

Privacy Policy

Last updated: June 21, 2026

FileWarden is an attachment-governance app for Jira Cloud, built by KUBERSTAR on Atlassian Forge. This policy explains what FileWarden does - and does not do - with your data.

On Atlassian

Forge KVS only

No egress

No third parties

No user-data logs

Event + status only

Auto-deleted

Within 30 days of uninstall

The short version

FileWarden runs entirely on Atlassian Forge. It stores its state in Forge KVS, makes no external network calls, and shares nothing with third parties. Its optional secret and PII scan reads text files on-platform without ever showing or logging the matched value, and Forge deletes all app storage within 30 days of uninstall.

Where your data is stored

All FileWarden state - policies, the audit log, idempotency markers, and settings - is stored in Forge KVS, which is Atlassian-hosted. Nothing is stored or processed outside Atlassian, and FileWarden makes no external network calls.

What we log

FileWarden does not log end-user data. Its logs are sparse single-line JSON of an event name plus a status or issue ID only - no filenames, no account IDs, and no payloads. When the content scan finds a leaked secret or PII, it records only that a match was found - never the matched value or the file contents.

Third parties and sub-processors

None. FileWarden shares no data with third parties, uses no sub-processors, and performs no external egress. Because nothing leaves Atlassian, there is no data to share with anyone.

Data residency

Data is stored exclusively within Atlassian and Forge, so data residency follows the host product. Any residency migration is handled by the Atlassian and Forge platform; there are no partner-side copies to migrate.

Data retention

Forge automatically deletes all app storage within 30 days of uninstall. FileWarden keeps no additional retention beyond that platform window, and stores nothing on our own servers.

Credentials and encryption

FileWarden collects, transmits, and stores no personal access tokens, passwords, or shared secrets. Encryption at rest is provided by Forge and Atlassian, and transport security (TLS 1.2+/HSTS) is handled by the platform.

Your roles and rights

Under the GDPR, FileWarden acts as a Processor - it operates only on the customer's instructions, and the customer is the Controller. Under the CCPA, FileWarden acts as a Service Provider. Decisions use filename, declared MIME type, and size, plus an optional on-platform scan of text-file contents for leaked secrets and PII; the matched value is never shown or logged, and no PII is collected beyond what Atlassian already holds.

Compliance and certifications

FileWarden claims no compliance certifications (no SOC 2, ISO 27001, HIPAA, or FedRAMP). The Atlassian Developer Terms and Atlassian's customer DPA cover the processing; no separate partner DPA is required for a no-egress app.

Changes to this policy

If we change how FileWarden handles data, we will update this page and the "last updated" date above. Material changes will be reflected in an app update.

Contact

Questions about this policy? Email security@kuberstar.com or visit the FileWarden support page.

About this page: kuberstar.com uses privacy-friendly, cookieless analytics (Plausible) that does not identify visitors. This does not apply to the FileWarden app itself, which makes no external network requests at all.