Privacy Policy — BulkOps for Jira

Effective date: 10 May 2026 Last updated: 10 May 2026

This Privacy Policy describes how the BulkOps for Jira application (“BulkOps”, “the app”, “we”, “us”) handles information when you install and use it on your Atlassian Jira Cloud site.

BulkOps is built on the Atlassian Forge platform. Forge apps run inside Atlassian’s cloud infrastructure; BulkOps does not operate any external servers and does not transmit your Jira data to any third party.

1. Who we are

BulkOps is published by:

Vendor: IT Superhighway Inc.
Contact email: [email protected]
Support portal: https://itsuperhighway.atlassian.net/servicedesk/customer/portal/6

For privacy-related questions or requests (access, correction, deletion), please contact us at the email above. We will respond within 30 days.

2. Scope of this policy

This policy applies only to the BulkOps app. It does not cover:

Atlassian’s own collection and processing of data within Jira Cloud (see the Atlassian Privacy Policy).
Any third-party app you install on the same Jira site.

3. Information BulkOps accesses

BulkOps requests the following Forge OAuth 2.0 scopes, declared in manifest.yml:

Scope	Why it is needed
`read:jira-work`	Read issues, projects, statuses, and field values that are the target of bulk operations.
`write:jira-work`	Apply bulk changes (edit fields, transition, watch/unwatch, move, delete) to the issues you select.
`storage:app`	Persist user-defined presets, scheduled-operation definitions, and operation history logs in Forge’s hosted key-value store.

All Jira API calls are made as the signed-in user (asUser()), not as the app. This means BulkOps can only access data that you yourself are permitted to see and modify in Jira.