Consistent ticket quality at every workflow stage

Request a Demo

Data Processing Overview

How We Handle Your Data

At EmbankAI, we prioritize transparency and security in data handling. When you use Embank Clarity, we process Jira issue content, metadata, and configuration data to enhance ticket clarity. Our focus is on providing actionable insights while safeguarding your information.

We utilize AWS for hosting, ensuring data is processed within the EU or US based on your service configuration. Our integration with OpenAI/ChatGPT is strictly for generating analysis, without storing your Jira ticket data long-term.

GDPR / Data Handling Note (Embank Clarity)

Get Started Now

Data Handling & Security (Embank Clarity)

Last updated: 26 Jan 2026
This page explains how EmbankAI (“we”, “us”) handles data when you use Embank Clarity, our Jira app that reviews and improves ticket clarity.

1) GDPR roles

  • You (the customer) are typically the Data Controller for personal data contained in Jira issues.
  • EmbankAI acts as a Data Processor when processing Jira issue content on your behalf to provide the service.

2) What data we process

Depending on configuration and usage, Embank Clarity may process:
  • Jira issue content submitted for review (e.g., summary, description, acceptance criteria, comments)
  • Jira metadata required to operate (e.g., project key, issue type, workflow status/transition context)
  • App configuration (e.g., enabled projects, rules, thresholds, cooldowns)
  • Usage and billing information (e.g., review counts, plan details)
  • Support communications you send to us

3) Where processing happens (Atlassian Forge)

Embank Clarity runs on the Atlassian (Forge) platform. Data may be processed in the EU and/or other countries depending on Atlassian’s hosting and the service providers involved.
Where Embank Clarity uses third-party providers (for example, to generate AI feedback), data is transmitted only as needed to provide the requested functionality.

4) AI processing & customer API keys

  • Embank Clarity uses a customer-provided OpenAI/ChatGPT API key to perform AI reviews.
  • We do not use customer Jira content to train our own models.
  • We do not sell customer data.

5) Data minimization & retention

We aim to minimize the data we store.
  • Jira issue content is processed to generate feedback.
  • We may store limited operational data (e.g., configuration and logs) to operate the service, prevent abuse, and troubleshoot.
  • Retention: We retain data only as long as necessary to provide the service and meet legal, security, and billing requirements, after which it is deleted or anonymized where feasible.
(If you want a specific number, tell me and I’ll tighten this.)

6) Security measures

We use reasonable technical and organizational measures to protect data, including:
  • Encryption in transit (HTTPS/TLS)
  • Access controls and least-privilege practices
  • API keys encrypted using AES-256-GCM
  • Monitoring and logging for reliability and abuse prevention

7) International transfers

Because Embank Clarity runs on Atlassian Forge and may use third-party providers, personal data may be transferred outside the EEA/UK. Where applicable, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

8) Sub-processors

We may use sub-processors (e.g., Atlassian Forge and AI providers) to deliver the service. Sub-processor information is available on request at support@embankai.com.

9) Data Processing Addendum (DPA)

Where EmbankAI acts as a processor, a Data Processing Addendum (DPA) is available on request. Please email support@embankai.com to request the DPA.

10) Contact

Questions about data handling or security: support@embankai.com