1. Introduction
RevYou.cloud ("we", "us", "our") is a web-based application that integrates with Atlassian Jira to provide AI-powered analysis of employee work activity. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service at https://revyou.cloud.
By creating an account or connecting your Jira workspace, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register for RevYou.cloud, we collect:
Email address — provided during registration, used as your login credential.
Password — stored in hashed form; we never store or have access to your plaintext password.
2.2 Jira Integration Data (via Atlassian OAuth 2.0)
When you connect your Atlassian Jira account, we request access through Atlassian's OAuth 2.0 (3LO) authorization flow with the following scopes:
read:jira-work — read Jira issues, comments, worklogs, projects, and changelogs.
read:jira-user — search for and read Jira user profiles (display name, account ID, email address).
We store the following Atlassian credentials in our database, associated with your account:
OAuth Access Token — short-lived token used to make API requests to Jira on your behalf.
Refresh Token — used to obtain new access tokens when the current one expires.
Cloud ID — identifies your Atlassian Cloud instance.
We only request read-only access. We never create, modify, or delete any data in your Jira instance.
2.3 Jira Workspace Data Retrieved
Through the Jira API, we retrieve the following data about the worker being analyzed:
Issues — issue key, summary, description, status, priority, type, creation/update dates, due dates, resolution dates, project information, assignee and reporter details.
Comments — comment text, author, creation and update timestamps for comments authored by the analyzed worker.
Worklogs — time tracking entries including time spent, start time, and optional comments authored by the analyzed worker.
Changelog — history of status transitions and field changes on issues.
Projects — project keys and names accessible within the connected Jira instance.
User profiles — display name, account ID, and email address used to identify the worker in Jira.
2.4 AI Analysis Results
We generate and store AI-produced analysis reports based on the retrieved Jira data. These reports may include productivity assessments, work pattern summaries, and performance insights.
3. How We Use Your Information
We use the collected information for the following purposes:
Authentication and account management — to verify your identity and manage your account.
Jira data retrieval — to fetch relevant work data from your connected Jira instance.
AI-powered analysis — to analyze worker activity and generate performance reports.
Incremental synchronization — to efficiently load only new or updated data since the last sync.
Service improvement — to monitor, maintain, and improve the reliability and functionality of the Service.
We do not use your data for advertising, marketing to third parties, or building user profiles for purposes unrelated to the Service.
4. Data Storage & Security
4.1 Infrastructure
All data is stored on Amazon Web Services (AWS) infrastructure in the US East (N. Virginia) region (us-east-1):
Amazon S3 — stores retrieved Jira data (issues, comments, worklogs, activities) and AI analysis results as JSON/JSONL files.
Amazon DynamoDB — stores account information, OAuth tokens, and application metadata.
4.2 Security Measures
Encryption in transit — all communication between your browser, our servers, and AWS services is encrypted using TLS/HTTPS.
Encryption at rest — data stored in S3 and DynamoDB is encrypted using AWS-managed encryption keys.
Password hashing — user passwords are cryptographically hashed before storage.
Token security — OAuth access tokens and refresh tokens are stored securely, associated with and accessible only to the authenticated user.
Least privilege access — we request only read-only Jira scopes and access only the minimum data necessary to provide the Service.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share data with the following categories of recipients:
Cloud infrastructure providers — Amazon Web Services (AWS) hosts our data storage and computing infrastructure under their data processing agreements.
AI service providers — we use third-party AI models to analyze Jira data. Data sent to AI providers is used solely for generating analysis results and is subject to their data processing terms.
Legal obligations — we may disclose information if required by law, regulation, legal process, or enforceable government request.
We do not share your raw Jira data or OAuth tokens with any other third parties.
6. Data Retention
Account data — retained for as long as your account is active. Upon account deletion, we delete your account data within 30 days.
Jira data and analysis results — retained for as long as your account is active and your Jira integration is connected. Data may be deleted upon request.
OAuth tokens — retained while your Jira integration is active. Tokens are deleted when you disconnect your Jira account or delete your RevYou.cloud account.
You may request deletion of all your data at any time by contacting us at info@skillmatch.cloud.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access — request a copy of the personal data we hold about you.
Correction — request that we correct inaccurate or incomplete personal data.
Deletion — request that we delete your personal data and associated Jira data.
Revoke Jira access —
disconnect your Jira integration at any time through your RevYou.cloud account settings or by revoking access at id.atlassian.com.
Data portability — request your data in a machine-readable format.
To exercise any of these rights, contact us at info@skillmatch.cloud. We will respond within 30 days.
8. Atlassian Integration
RevYou.cloud connects to Atlassian Jira Cloud using Atlassian's OAuth 2.0 (3LO) authorization framework:
Authorization — you explicitly authorize the connection by logging in through Atlassian's consent screen, which displays the requested permissions.
Scope limitations — we only request read:jira-work and read:jira-user scopes. We never write to, modify, or delete any data in your Jira instance.
Token management — access tokens are short-lived and automatically refreshed. You can revoke access at any time.
Data access — we only access Jira data necessary to perform the worker analysis you request.
Our use of information received from Atlassian APIs adheres to Atlassian's developer terms and guidelines.
9. International Data Transfers
Your data is processed and stored on AWS servers in the United States (us-east-1 region). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on AWS's compliance certifications and data processing agreements to ensure adequate protection of transferred data.
10. Children's Privacy
RevYou.cloud is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.