Pulse runs entirely within the Atlassian Forge platform — no external backend, and your Confluence content never leaves the Atlassian cloud. AI features run on Atlassian's own Forge AI service; the only outbound connection is declared product telemetry.
Last updated: June 2026
Pulse has no external backend and no cloud rendering service. Content analysis runs in the Forge sandbox, and AI features use Atlassian's own Forge AI service inside the platform — never a third-party AI provider.
Pulse only reads your Confluence content — it cannot modify, delete, or create any pages. The minimum possible permission footprint.
Pulse never stores your page bodies. Only scores and page titles are persisted. Your content is analyzed in-memory and immediately discarded.
We never collect names, emails, or profile data. Product telemetry is limited to pseudonymous feature-usage events — no content, no advertising, no cross-site tracking.
How Pulse accesses, processes, and stores data
Pulse reads your Confluence pages through official Atlassian APIs within the Forge sandbox. Content is analyzed in-memory using our proprietary scoring engine.
Only scores and page titles are stored in Forge SQL. No page bodies, no user profile data, no content copies.
Scores are displayed in the app's dashboard. All data remains within the Atlassian cloud environment at all times.
| Data Type | Location | Retention | Encrypted |
|---|---|---|---|
| Scan scores & page titles | Forge SQL (Atlassian cloud) | Until app is uninstalled | ✅ At rest & in transit |
| Content policy rules | Forge SQL (Atlassian cloud) | Until deleted by admin or app uninstalled | ✅ At rest & in transit |
| App configuration | Forge App Storage | Until app uninstalled | ✅ At rest & in transit |
| Page bodies / raw content | — | — | Not stored |
| Names, emails, profile data | — | — | Not collected |
Every service involved in running Pulse
| Service | Provider | Purpose | Data Location | Data Stored |
|---|---|---|---|---|
| Atlassian Forge | Atlassian | App runtime, SQL database, storage, Forge AI (Advanced edition's semantic duplicate detection) | Per customer's Atlassian data residency | Scores, page titles, app config |
| PostHog | PostHog Inc. | Usage metrics — an Atlassian-approved analytics tool, declared in the Forge manifest (end-user data out of scope) | United States | Feature-usage counts only — no content, no titles, no names/emails |
Pulse uses no other external services. Your Confluence content is processed exclusively within Atlassian's platform — including AI processing, which runs on Atlassian Forge AI rather than a third-party AI provider.
Every permission explained
Every content scope Pulse requests is read-only (plus app storage). No write permissions, no search permissions, no attachment access.
Measures we implement to protect your data
How we handle security incidents and vulnerabilities
Report a security issue: support@bytera.tech — Subject: "Security Incident" or "Vulnerability Report"
Support Portal: Bytera Support
| Phase | Action | Timeline |
|---|---|---|
| Acknowledgment | Confirm receipt and assign severity level | Within 24 hours |
| Triage | Assess scope, impact, and affected systems | Within 48 hours |
| Containment | Isolate affected components; disable features if necessary | Immediate upon confirmation |
| Remediation | Develop and deploy a fix | Based on severity |
| Notification | Notify affected customers with details and remediation steps | Within 72 hours of confirmation |
| Post-Mortem | Document root cause, lessons learned, and preventive measures | Within 2 weeks |
| Severity | Description | Target Resolution |
|---|---|---|
| Critical | Active exploitation, data breach, or complete service compromise | Within 24 hours |
| High | Vulnerability with significant impact potential but no active exploitation | Within 72 hours |
| Medium | Vulnerability with limited impact or requiring specific conditions | Within 1 week |
| Low | Minor issue with minimal security impact | Next scheduled release |
Our severity timelines align with the Atlassian Security Bug Fix Policy for Marketplace Partners.
Regulatory and platform compliance
Bytera follows data minimization and purpose limitation principles. Pulse stores no names, emails, or profile data, and the only outbound data is feature-usage metrics to an Atlassian-approved analytics tool — keeping the compliance surface minimal.
Pulse adheres to all Atlassian Marketplace Partner requirements for security, privacy, and the Security Bug Fix Policy.
By building on Forge, Pulse inherits Atlassian's SOC 2 Type II certified infrastructure controls and benefits from their security-first platform architecture.
No. Pulse analyzes content in-memory and stores only scores and page titles. Your page bodies are never copied, stored, or persisted anywhere.
No. Content analysis runs in the Forge runtime, and AI processing uses Atlassian's own Forge AI service inside the platform. The only outbound connection Pulse makes is usage metrics (feature-usage counts, no content or titles) to an Atlassian-approved analytics tool declared in the app manifest.
The Advanced edition's semantic duplicate detection uses Atlassian Forge AI — the LLM service Atlassian operates inside the Forge platform. Your content is never sent to a third-party AI provider, and the Standard edition never invokes AI at all.
We never collect names, email addresses, or profile data. The Atlassian Account ID from the app context is used for permission checks, rate limiting, and as a pseudonymous identifier in usage telemetry — nothing more.
No. Pulse has strictly read-only access. It cannot create, modify, or delete any pages, spaces, or content in your Confluence instance.
Yes. We store no names, emails, or profile data, and the only outbound data is feature-usage metrics sent to an Atlassian-approved analytics tool. Users can request data access, correction, or deletion at any time.
All app-related data (scan scores, content policies, configuration) is automatically removed by the Atlassian Forge platform. No residual data remains.
Please contact us immediately at support@bytera.tech with the subject line "Security Concern". We respond within 24 hours.
We're committed to transparency. If you have any questions about our security practices, data handling, or need additional information for your security review, please don't hesitate to contact us.