Our data processing practices are designed to uphold the highest standards of security and privacy, ensuring your data is handled with care.

Trust Center

Embank AI – Security, Privacy & Data Protection

Last updated: February 2026

Embank AI is committed to maintaining the highest standards of security, privacy, and transparency. This Trust Center outlines how we handle customer and end-user data across our products and services.

1. Definition of End-User Data

End-User Data refers to any data associated with users of Atlassian products that is accessed, processed, or stored by this app. This may include user identifiers (such as usernames and email addresses), Jira issue metadata, project information, and content necessary to provide the app’s functionality.

2. Data Processed Outside Atlassian

Limited End-User Data is processed and temporarily stored outside Atlassian infrastructure in secure cloud environments to enable app functionality, analytics, and compliance features.

All data is encrypted in transit and at rest.

3. Data Residency

In-scope End-User Data is hosted in cloud infrastructure located in the European Union, primarily in AWS EU regions. Additional regions may be supported in the future.

4. In-Scope End-User Data

The following data may be processed and stored by Embank AI:

• User identifiers (name, email address, account ID)

• Jira issue metadata

• Project and workflow metadata

• Ticket content relevant to analysis

• Application configuration data

• Decision and provenance metadata (where applicable)

5. Out-of-Scope End-User Data

The following data is not processed or stored:

• Atlassian account passwords

• Payment or billing information

• Authentication credentials

• Atlassian internal system data

• Customer-managed encryption keys

6. Data Residency Migration

Where supported, in-scope End-User Data may be migrated between supported regions upon customer request or infrastructure changes, using secure and encrypted transfer mechanisms.

7. Data Sharing with Third Parties

End-User Data is never sold or shared for marketing purposes.

Data may be shared only with essential infrastructure providers (such as cloud hosting, monitoring, and security services) under strict confidentiality and data processing agreements.

8. Access to End-User Data in Logs

Operational logs may contain limited technical identifiers (such as user IDs or issue IDs) for debugging, security, and performance monitoring purposes.

Access to logs is restricted and monitored.

9. End-User Data in Logs Outside Atlassian

Limited technical identifiers may be stored in application logs hosted in secure cloud environments.

Sensitive content is not intentionally logged.

10. Log Data Shared with Third Parties

Application logs are not shared with external third parties except approved infrastructure providers under contractual safeguards.

11. Logs Integral to App Functionality

Logs are used solely for operational monitoring, security, and incident response.

They are not integral to core application functionality.

12. Data Retention After Uninstallation

By default, End-User Data is deleted within 30 days of app uninstallation, unless legally required to retain it for compliance or security purposes.

Customers may request earlier deletion.

13. Custom Data Retention

Enterprise customers may request custom data retention periods, subject to contractual agreement.

14. Security Contact

For security-related issues, vulnerability reporting, or incident notifications:

Email: security@embankai.com
Support: support@embankai.com

15. Integration Permissions

This application requires the following permissions:

• View user profile information (name, email, avatar)

• Read Jira projects, issues, attachments, and worklogs

• Read and write to Atlassian app storage

These permissions are used solely to deliver core functionality.

16. Compliance Certifications

Embank AI follows industry-standard security and operational best practices.

At present, we do not hold formal certifications such as ISO 27001 or SOC 2. Certification processes are planned as the platform scales.

17. Privacy Policy

Our Privacy Policy is available at:

https://embankai.com/privacy

18. GDPR – Data Controller

Customers using Embank AI act as the Data Controller for End-User Data under the General Data Protection Regulation (GDPR).

19. GDPR – Data Processor

Embank AI acts as a Data Processor in accordance with Article 28 of the GDPR.

Data Processing Agreements (DPAs) are available upon request.

20. Continuous Improvement

Security, privacy, and compliance are core to Embank AI’s product strategy.

We regularly review and improve our controls, infrastructure, and policies in line with evolving regulatory, technical, and customer requirements.

Contact

For privacy, compliance, or trust-related inquiries:

Email: support@embankai.com
Website: https://embankai.com

At Embank AI, we prioritize the security and privacy of our users’ data. Our compliance framework is designed to align with industry standards and best practices. While we are in the process of obtaining formal certifications such as ISO 27001 and SOC 2, we currently adhere to rigorous internal controls and regularly audit our processes to ensure data integrity and security. Our commitment to compliance is unwavering, and we continuously update our practices to meet evolving regulatory requirements.