Privacy Policy

Last updated: December 16, 2025

Zhade Labs (“Zhade”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our websites, applications, and integrations (collectively, the “Services”).

This Privacy Policy is intended to describe our general data protection practices and does not create additional contractual obligations beyond those expressly set forth in our agreements with you.

This Privacy Policy applies to:

• our websites and online services;
• our software applications, including integrations distributed via third-party marketplaces (such as Atlassian Marketplace);
• related support, operational, marketing, and communication activities.

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

1. Roles under data protection laws

Depending on the context, Zhade acts as:

Data Processor — when we process personal data on behalf of our customers, such as data originating from Jira, Atlassian, or other platforms through our integrations, and only in accordance with customer instructions and applicable agreements.

Data Controller — when we process personal data for our own purposes, such as operating our websites, handling support requests, managing communications, or conducting marketing activities.

2. Personal data we collect

We may collect and process the following categories of personal data:

a) Account and contact information

• name and email address;
• organization, workspace, or account identifiers;
• support and communication details.

b) Data processed through integrations

When customers use our integrations, we may process:

• user identifiers (such as account IDs or usernames);
• issue metadata, comments, configuration data, or similar content;
• events and technical records related to system operation, security, and troubleshooting.

The specific data processed depends on how the customer configures and uses the Service.

c) Technical and usage data

• IP address;
• device, browser, and operating system information;
• logs, timestamps, diagnostic data, and error reports;
• approximate location (such as country or region).

IP addresses are used primarily for security, fraud prevention, and abuse detection and are not used to identify individuals directly.

d) Marketing and communication data

• email address and communication preferences;
• correspondence history.

We do not intentionally collect special categories of personal data (such as data revealing health, biometric identifiers, political opinions, or religious beliefs).

3. How we use personal data

We process personal data only for legitimate and necessary purposes, including to:

• provide, operate, secure, and maintain the Services;
• process and synchronize data as requested by customers;
• provide customer support and respond to inquiries;
• monitor performance, availability, and security;
• improve functionality and user experience;
• comply with legal, regulatory, and contractual obligations;
• communicate service-related updates and important notices.

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal bases for processing (GDPR / UK GDPR)

For individuals located in the EEA, the United Kingdom, or Switzerland, we process personal data based on one or more of the following legal bases:

• contractual necessity — to provide and operate the Services;
• legitimate interests — such as ensuring security, preventing abuse, and improving the Services;
• consent — where required, for example for certain marketing communications;
• legal obligations — where processing is required by applicable law.

5. Sharing of personal data

We may share personal data only with:

• service providers and subprocessors (for example, hosting, logging, analytics, or customer support providers);
• marketplace partners where required to deliver or operate the Service;
• public or governmental authorities when legally required to do so.

All service providers and subprocessors are subject to contractual obligations regarding confidentiality, security, and data protection.

We do not sell personal data.

6. International data transfers

Customer data processed through the Services is primarily stored and processed in the European Union.

Our Services may involve processing personal data in multiple jurisdictions. Where personal data is transferred outside the EEA, the United Kingdom, or Switzerland, we ensure appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs), where applicable; or
• other lawful transfer mechanisms recognized under applicable data protection laws.

Where required by law, you may request additional information about these safeguards by contacting us.

7. Data security

We implement appropriate technical and organizational measures designed to protect personal data, including:

• access controls and authentication mechanisms;
• encryption where appropriate;
• logging and monitoring of systems;
• least-privilege access principles.

While no system can be guaranteed to be 100% secure, we take reasonable and proportionate steps to protect personal data against unauthorized access, loss, or misuse.

8. Data retention

We retain personal data only for as long as necessary to:

• provide and operate the Services;
• fulfill contractual, legal, and regulatory obligations;
• resolve disputes and enforce our agreements.

Retention periods may vary depending on the nature of the data and the purpose of processing. Due to the nature of distributed systems, limited residual data may temporarily persist in backups or logs and is securely deleted on a rolling basis.

9. Your rights

Depending on your location and applicable law, you may have the right to:

• access your personal data;
• request correction or deletion;
• restrict or object to processing;
• request data portability;
• withdraw consent at any time where processing is based on consent.

We will respond to verified requests within the timeframes required by applicable law, typically within one month.

To exercise your rights, please contact us using the details below.

Where Zhade acts as a data processor, requests should be directed to the relevant customer acting as data controller.

10. Cookies and similar technologies

We use cookies and similar technologies (such as local storage and pixels) to operate and improve the Services, ensure security, remember preferences, and measure usage and performance. These technologies may be set by us or by trusted third-party service providers acting on our behalf.

You can control cookies through your browser or device settings. Disabling certain cookies may limit the availability or functionality of some features of the Services.

11. Children

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

12. Regional disclosures

California (CPRA)
Zhade does not “sell” or “share” personal information as defined by the California Privacy Rights Act. California residents may exercise their applicable rights, including access, deletion, correction, and opt-out of certain processing, by contacting us as described below. We do not discriminate against individuals for exercising these rights.

Other regions
Individuals located in jurisdictions with specific privacy regulations (such as Brazil’s LGPD, Canada’s PIPEDA, or Australia’s Privacy Act) may have additional rights. We will respond to requests in accordance with applicable law and our contractual obligations.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated “Last updated” date.

14. Contact us

If you have questions about this Privacy Policy or our data protection practices, please contact us at:

Email: privacy@zhadelabs.com