Greenlight — Privacy Policy

Effective date: 17 June 2026 Provider: Vladimir Maslov ("we", "us") Privacy contact: akvola.bean.cg@gmail.com

This policy explains what data the Greenlight app for Confluence Cloud processes, where it is stored, and how it is handled. Greenlight is a Runs on Atlassian app: it runs entirely on Atlassian's Forge platform and transfers no data outside the Atlassian cloud.

Roles and lawful basis

For customers subject to the GDPR (and similar laws), the customer is the data controller and Vladimir Maslov acts as a data processor. We process the limited data below only on the customer's documented instructions (Art. 28 GDPR) to provide the app's functionality; the customer is responsible for the lawful basis for processing their users' data. For CCPA purposes we act as a service provider and do not sell or share personal information.

What we process

Greenlight processes only the minimum needed to show and manage page-approval status. It is useful to separate what is stored from what is merely read at render:

Stored (in Atlassian Forge storage): - Atlassian account IDs of users who interact with an approval (assigned approvers, the editor who enables approval, the approver who approves). These are opaque Atlassian identifiers — we do not store names, email addresses, or profile data. - Confluence identifiers — the page ID and space ID an approval applies to. - Approval records — whether approval is enabled, the configured approver list and policy, the approved version, and approval events (which account approved, at which version, and when). - Edit-restriction snapshots — when the optional lock-after-approval feature is used, the page's pre-existing edit restrictions, so they can be restored exactly on unlock.

Read live at render, not stored — to compute the approval status the app reads a page's current version number, title, and lifecycle state (e.g. current / archived) from the Confluence REST API. These are used in the moment and are not persisted (the approval status itself is computed, not read or stored). The app does not read or store page body content.

Greenlight uses no cookies, analytics, advertising, or tracking technology.

Where it is stored, and international transfers

All stored data lives in Atlassian Forge storage (Key-Value Store) on Atlassian's infrastructure, within your Atlassian site's data-residency region. Greenlight has no servers of its own, makes no outbound calls to any non-Atlassian destination, and uses no third-party sub-processors. Because the app neither pins nor migrates data itself and never moves data off Atlassian, any cross-border transfer is governed by Atlassian's own data-residency controls and Standard Contractual Clauses, not by a separate Greenlight transfer.

How we use it

Solely to provide the app's functionality: computing and displaying approval status on your pages, notifying approvers via native Confluence comment @mentions, and applying/removing the optional edit lock. We do not sell, share, or use this data for any other purpose.

Retention and deletion

Security

Data is encrypted in transit and at rest by the Atlassian Forge platform, with tenant isolation. See our Security Statement for details (scopes, authorization model, hosting).

Data sharing

None. No data is shared with us or any third party; it never leaves the Atlassian cloud.

Your rights

As processor we assist the controller (your Atlassian administrator) in fulfilling data-subject requests — access, rectification, erasure, restriction, portability, and objection. Because we store only opaque account IDs and approval metadata, most requests are satisfied by the administrator within Confluence (e.g. removing an approver, deleting the page, or uninstalling). For escalation, contact akvola.bean.cg@gmail.com. A Data Processing Addendum is available on request.

Changes

We may update this policy; material changes will be reflected on the listing with a new effective date.

Contact

akvola.bean.cg@gmail.com.