1. Introduction
RevYou.cloud ("we", "us", "our") is a web-based application that integrates with Atlassian Jira and Confluence to provide AI-powered SFIA skill analysis. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service at https://revyou.cloud.
By creating an account or connecting your Atlassian workspace, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register for RevYou.cloud, we collect:
Email address — provided during registration, used as your login credential.
Password — stored in hashed form; we never store or have access to your plaintext password.
2.2 Atlassian Integration Data (via Atlassian OAuth 2.0)
When you connect your Atlassian account, we request access through Atlassian's OAuth 2.0 (3LO) authorization flow with the following read-only scopes:
read:jira-work — read Jira issues, comments, worklogs, projects, and changelogs.
read:jira-user — search for and read Jira user profiles (display name, account ID, email address).
read:servicedesk-request - read service desk request context where enabled and accessible to the connected user.
read:servicemanagement-insight-objects - read service management insight object context where enabled and accessible to the connected user.
read:confluence-content.all - read Confluence pages and page content accessible to the connected user.
read:confluence-content.summary - read Confluence page summaries and metadata.
search:confluence - search Confluence for relevant pages, comments, mentions, and references.
read:confluence-space.summary - read Confluence space names, keys, and summary metadata.
read:confluence-user - read Confluence user/account information needed to match workers to Atlassian account IDs.
We store the following Atlassian credentials in our database, associated with your account:
OAuth Access Token — short-lived token used to make API requests to Jira and Confluence on your behalf.
Refresh Token — used to obtain new access tokens when the current one expires.
Cloud ID — identifies your Atlassian Cloud instance.
We only request read-only Atlassian access. We never create, modify, or delete data in your Jira or Confluence instance.
2.3 Confluence Integration Data Retrieved
When Confluence is enabled, we may retrieve read-only Confluence data accessible to the connected user for SFIA analysis and cross-source context:
Pages and page metadata - page IDs, titles, spaces, links, authors/contributors, creation and update timestamps.
Page content or excerpts - limited content excerpts needed for analysis of documentation, architecture/design participation, runbooks, postmortems, onboarding, and knowledge ownership.
Comments - comment metadata and excerpts authored by or referencing the analyzed worker where accessible.
Labels and topics - labels, detected document types, and topical signals used to understand knowledge domains.
Spaces - space keys/names and summary metadata for organizational context.
Authors, contributors, mentions, and references - Atlassian account IDs and references needed to identify worker contributions and collaboration context.
Attachments metadata - attachment names and metadata may be processed if attachment metadata analysis is enabled; we do not modify attachments.
2.4 Jira Workspace Data Retrieved
Through the Jira API, we retrieve the following data about the worker being analyzed:
Issues — issue key, summary, description, status, priority, type, creation/update dates, due dates, resolution dates, project information, assignee and reporter details.
Comments — comment text, author, creation and update timestamps for comments authored by the analyzed worker.
Worklogs — time tracking entries including time spent, start time, and optional comments authored by the analyzed worker.
Changelog — history of status transitions and field changes on issues.
Projects — project keys and names accessible within the connected Jira instance.
User profiles — display name, account ID, and email address used to identify the worker in Jira.
2.5 AI Analysis Results
We generate and store AI-produced SFIA analysis reports based on connected GitHub, Jira, Confluence, and uploaded-file data where enabled. Confluence is used as qualitative evidence for documentation, knowledge-sharing, architecture/design participation, runbooks, postmortems, onboarding, organizational knowledge ownership, collaboration context, and domain expertise visibility.
3. How We Use Your Information
We use the collected information for the following purposes:
Atlassian data retrieval - to fetch relevant Jira and Confluence data accessible to the connected user.
AI-powered SFIA analysis - to analyze skill evidence and generate SFIA reports, development plans, and cross-source insights.
Documentation and knowledge-sharing assessment - to understand qualitative evidence of documentation contribution, knowledge management, architecture/design participation, organizational contribution, and collaboration context.
Authentication and account management — to verify your identity and manage your account.
Jira data retrieval — to fetch relevant work data from your connected Jira instance.
AI-powered analysis — to analyze SFIA skill evidence and generate development reports.
Incremental synchronization — to efficiently load only new or updated data since the last sync.
Service improvement — to monitor, maintain, and improve the reliability and functionality of the Service.
We do not use Confluence as a standalone productivity surveillance score, and we do not rank employees solely by Confluence activity. Lack of Confluence content is treated as missing or inaccessible evidence, not as poor performance.
We do not use your data for advertising, marketing to third parties, or building user profiles for purposes unrelated to the Service.
4. Data Storage & Security
4.1 Infrastructure
All data is stored on Amazon Web Services (AWS) infrastructure in the US East (N. Virginia) region (us-east-1):
Amazon S3 — stores retrieved Atlassian data (Jira issues/comments/worklogs and Confluence excerpts/metadata where enabled) and AI analysis results as JSON/JSONL files.
Amazon DynamoDB — stores account information, OAuth tokens, and application metadata.
4.2 Security Measures
Encryption in transit — all communication between your browser, our servers, and AWS services is encrypted using TLS/HTTPS.
Encryption at rest — data stored in S3 and DynamoDB is encrypted using AWS-managed encryption keys.
Password hashing — user passwords are cryptographically hashed before storage.
Token security — OAuth access tokens and refresh tokens are stored securely, associated with and accessible only to the authenticated user.
Least privilege access — we request only read-only Jira and Confluence scopes and access only the minimum data necessary to provide the Service.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share data with the following categories of recipients:
Cloud infrastructure providers — Amazon Web Services (AWS) hosts our data storage and computing infrastructure under their data processing agreements.
AI service providers — we use third-party AI models to analyze Jira, Confluence, GitHub, and uploaded-file data where enabled. Data sent to AI providers is used solely for generating analysis results and is subject to their data processing terms.
Legal obligations — we may disclose information if required by law, regulation, legal process, or enforceable government request.
We do not share your raw Jira data, raw Confluence data, or OAuth tokens with any other third parties.
6. Data Retention
Confluence data and analysis results - retained for as long as your account is active and your Atlassian integration is connected. Data may be deleted upon request.
Account data — retained for as long as your account is active. Upon account deletion, we delete your account data within 30 days.
Jira data and analysis results — retained for as long as your account is active and your Jira integration is connected. Data may be deleted upon request.
OAuth tokens — retained while your Atlassian integration is active. Tokens are deleted when you disconnect your Atlassian account or delete your RevYou.cloud account.
You may request deletion of all your data at any time by contacting us at info@skillmatch.cloud.
7. Your Rights
Revoke Atlassian access - disconnect Jira/Confluence in RevYou.cloud settings or revoke access through Atlassian at any time.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access — request a copy of the personal data we hold about you.
Correction — request that we correct inaccurate or incomplete personal data.
Deletion — request that we delete your personal data and associated Jira/Confluence data.
Revoke Jira access —
disconnect your Jira integration at any time through your RevYou.cloud account settings or by revoking access at id.atlassian.com.
Data portability — request your data in a machine-readable format.
To exercise any of these rights, contact us at info@skillmatch.cloud. We will respond within 30 days.
8. Atlassian Integration
RevYou.cloud connects to Atlassian Jira and Confluence Cloud using Atlassian's OAuth 2.0 (3LO) authorization framework. The product requests read-only access only.
Read-only scopes requested - read:jira-work, read:jira-user, read:servicedesk-request, read:servicemanagement-insight-objects, read:confluence-content.all, read:confluence-content.summary, search:confluence, read:confluence-space.summary, read:confluence-user.
Confluence usage - Confluence evidence is used for SFIA skill analysis, documentation and knowledge-sharing assessment, organizational contribution context, and cross-source insights with Jira/GitHub where enabled.
No Confluence modification - we do not create, edit, delete, or otherwise modify Confluence spaces, pages, comments, labels, or attachments.
No standalone activity scoring - we do not use Confluence as a standalone productivity surveillance score and do not rank employees solely by Confluence activity.
RevYou.cloud connects to Atlassian Jira Cloud using Atlassian's OAuth 2.0 (3LO) authorization framework:
Authorization — you explicitly authorize the connection by logging in through Atlassian's consent screen, which displays the requested permissions.
Scope limitations — we request read-only Jira and Confluence scopes only. We never write to, modify, or delete data in your Jira or Confluence instance.
Token management — access tokens are short-lived and automatically refreshed. You can revoke access at any time.
Data access — we only access Jira and Confluence data necessary to perform the worker analysis you request.
Our use of information received from Atlassian APIs adheres to Atlassian's developer terms and guidelines.
9. International Data Transfers
Your data is processed and stored on AWS servers in the United States (us-east-1 region). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on AWS's compliance certifications and data processing agreements to ensure adequate protection of transferred data.
10. Children's Privacy
RevYou.cloud is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.