Pulse runs entirely within the Atlassian Forge platform. No external servers, no third-party APIs, no data leaving the Atlassian cloud. Your content stays where it belongs.
Last updated: April 2026
Unlike many Marketplace apps, Pulse has no external backend, no cloud rendering service, and no third-party API calls. Everything runs within Atlassian's Forge sandbox.
Pulse only reads your Confluence content — it cannot modify, delete, or create any pages. The minimum possible permission footprint.
Pulse never stores your page content. Only aggregated numerical scores are persisted. Your content is analyzed in-memory and immediately discarded.
We do not collect, store, or process any personal user data. No analytics, no tracking, no advertising — ever.
How Pulse accesses, processes, and stores data
Pulse reads your Confluence pages through official Atlassian APIs within the Forge sandbox. Content is analyzed in-memory using our proprietary scoring engine.
Only aggregated, numerical scores are stored in Forge SQL. No raw page content, no user data, no content copies.
Scores are displayed in the app's dashboard. All data remains within the Atlassian cloud environment at all times.
| Data Type | Location | Retention | Encrypted |
|---|---|---|---|
| Aggregated scan scores | Forge SQL (Atlassian cloud) | Until app is uninstalled | ✅ At rest & in transit |
| Content policy rules | Forge SQL (Atlassian cloud) | Until deleted by admin or app uninstalled | ✅ At rest & in transit |
| App configuration | Forge App Storage | Until app uninstalled | ✅ At rest & in transit |
| Raw page content | — | — | Not stored |
| Personal user data | — | — | Not collected |
Third-party services involved in data processing
| Service | Provider | Purpose | Data Location | Data Stored |
|---|---|---|---|---|
| Atlassian Forge | Atlassian | App runtime, SQL database, storage | Per customer's Atlassian data residency | Aggregated scores, app config |
Pulse uses no other sub-processors. There are no external APIs, no cloud rendering services, and no third-party data processing of any kind.
Every permission explained
Pulse requests only 4 scopes — all read-only (plus app storage). No write permissions, no search permissions, no attachment access.
Measures we implement to protect your data
How we handle security incidents and vulnerabilities
Report a security issue: admin@bytera.tech — Subject: "Security Incident" or "Vulnerability Report"
Support Portal: Bytera Support
| Phase | Action | Timeline |
|---|---|---|
| Acknowledgment | Confirm receipt and assign severity level | Within 24 hours |
| Triage | Assess scope, impact, and affected systems | Within 48 hours |
| Containment | Isolate affected components; disable features if necessary | Immediate upon confirmation |
| Remediation | Develop and deploy a fix | Based on severity |
| Notification | Notify affected customers with details and remediation steps | Within 72 hours of confirmation |
| Post-Mortem | Document root cause, lessons learned, and preventive measures | Within 2 weeks |
| Severity | Description | Target Resolution |
|---|---|---|
| Critical | Active exploitation, data breach, or complete service compromise | Within 24 hours |
| High | Vulnerability with significant impact potential but no active exploitation | Within 72 hours |
| Medium | Vulnerability with limited impact or requiring specific conditions | Within 1 week |
| Low | Minor issue with minimal security impact | Next scheduled release |
Our severity timelines align with the Atlassian Security Bug Fix Policy for Marketplace Partners.
Regulatory and platform compliance
Bytera follows data minimization and purpose limitation principles. Since Pulse has no external sub-processors and stores no personal data, the compliance surface is minimal.
Pulse adheres to all Atlassian Marketplace Partner requirements for security, privacy, and the Security Bug Fix Policy.
By building on Forge, Pulse inherits Atlassian's SOC 2 Type II certified infrastructure controls and benefits from their security-first platform architecture.
No. Pulse analyzes content in-memory and only stores aggregated numerical scores. Your raw page content is never copied, stored, or persisted anywhere.
No. Pulse runs entirely within the Atlassian Forge platform. There are no external API calls, no external backends, and no data transmission outside of Atlassian's infrastructure.
No. We do not collect, store, or process any personal user data. We only access the Atlassian Account ID provided in the app context for permission checks.
No. Pulse has strictly read-only access. It cannot create, modify, or delete any pages, spaces, or content in your Confluence instance.
Yes. Since we don't store personal data and have no external sub-processors, the compliance surface is minimal. Users can request data access, correction, or deletion at any time.
All app-related data (scan scores, content policies, configuration) is automatically removed by the Atlassian Forge platform. No residual data remains.
Please contact us immediately at admin@bytera.tech with the subject line "Security Concern". We respond within 24 hours.
We're committed to transparency. If you have any questions about our security practices, data handling, or need additional information for your security review, please don't hesitate to contact us.