Secrets Scanner - Privacy Policy

Last Updated: 29 May 2026

1. Overview

Secrets Scanner ("the App") is an Atlassian Forge application designed to help Confluence Cloud administrators identify potentially exposed credentials, API keys, tokens, and other secrets within Confluence content.

This Privacy Policy explains what information the App accesses, how it is used, where it is stored, and the rights available to users and organisations using the App.

By installing or using the App, you acknowledge and agree to the practices described in this Privacy Policy.

2. Developer Information

Secrets Scanner is developed and maintained by Versa.

For privacy-related enquiries, contact:

Email: support@versa-technologies.co.uk

3. Roles and Responsibilities

For content stored within your Confluence instance, your organisation remains the data controller (or equivalent role under applicable privacy laws).

The App acts solely as a tool that processes information at the direction of authorised administrators to provide secret-scanning functionality.

We do not determine the purpose for which your organisation uses Confluence content and do not independently access customer content except as necessary to operate the App through Atlassian's Forge platform.

4. Information the App Accesses

When an authorised Confluence administrator initiates a scan, the App may access:

  • Confluence page body content

  • Page titles and URLs

  • Footer comments

  • Attachment filenames and MIME types

  • Historical page version content (up to 10 prior versions per page)

This information is accessed solely for the purpose of identifying potential secret exposures.

The App is designed to operate within Atlassian's Forge platform and does not intentionally transmit scanned content to developer-controlled servers or third-party services.

5. Information the App Stores

After a scan completes, the App stores the following information in Atlassian Forge hosted storage associated with the customer's Atlassian site:

DataPurposeSpace key and scan statusTrack scans and scan historyPage titles and page URLsHelp administrators locate findingsContent source type (page, comment, attachment, version)Categorise findingsRedacted match valuesIdentify findings without storing complete secretsContext snippets with secrets redactedAssist remediationScan timestamps and finding countsReporting and dashboard functionalityPattern configuration settingsSave administrator preferences

The App is designed not to store complete credentials, passwords, API keys, tokens, or other secrets after detection.

6. How Information Is Used

Information accessed by the App is used solely to:

  • Detect potential credential exposures

  • Display findings to authorised administrators

  • Maintain scan history and findings

  • Store administrator configuration preferences

  • Operate, maintain, and improve the functionality and security of the App

We do not use customer content for advertising, profiling, marketing, behavioural analysis, or AI model training.

7. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, processing is generally performed on one or more of the following bases:

  • Legitimate interests in maintaining security and preventing accidental exposure of credentials and secrets

  • Performance of a contract relating to provision of the App

  • Compliance with applicable legal obligations where required

Your organisation is responsible for determining its own legal basis for using the App within its environment.

8. Where Information Is Stored

Data is stored using Atlassian Forge hosted storage and related Atlassian cloud services.

The location and processing of data are subject to Atlassian's infrastructure, policies, and regional hosting capabilities.

For additional information, please refer to:

  • Atlassian Privacy Policy

  • Atlassian Data Processing Addendum

9. Data Sharing and Disclosure

We do not sell, rent, or commercially disclose customer data.

Information may be disclosed only in the following limited circumstances:

  • When required by applicable law, regulation, court order, or governmental request

  • To protect the security, integrity, or operation of the App

  • As part of a business transfer, merger, acquisition, or reorganisation, subject to appropriate confidentiality protections

  • Through Atlassian's infrastructure as necessary to provide the App

10. Security Measures

We take reasonable technical and organisational measures designed to protect information processed by the App.

The App is built on Atlassian Forge and relies on Atlassian's security controls, authentication systems, permissions framework, and hosted storage services.

However, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure, and we cannot guarantee absolute security.

11. Data Retention

Scan results remain available until:

  • They are replaced by subsequent scans;

  • They are manually removed by the customer where functionality permits; or

  • The App is uninstalled and associated Forge-hosted data is deleted in accordance with Atlassian's platform processes and retention policies.

Retention periods may vary depending on Atlassian platform behaviour and applicable legal requirements.

12. Access Control

The App is intended for authorised Confluence administrators.

Access to App functionality and stored findings is governed by Atlassian account permissions and the App's configured access controls.

Customers are responsible for managing user permissions within their Atlassian environment.

13. International Data Transfers

Because Atlassian operates a global cloud infrastructure, information processed by the App may be transferred to, stored in, or processed in countries outside the user's jurisdiction.

Such transfers are governed by Atlassian's contractual, technical, and organisational safeguards.

14. Privacy Rights

Depending on your jurisdiction, you may have rights including:

  • Access to personal information

  • Correction of inaccurate information

  • Deletion of information

  • Restriction of processing

  • Data portability

  • Objection to certain processing activities

Because customer content is controlled by the customer organisation, requests relating to Confluence content should generally be directed to the relevant organisation administering the Confluence site.

For requests relating specifically to the App, contact:

support@versa-technologies.co.uk

We will respond within a reasonable period and in accordance with applicable law.

15. California Privacy Rights

If applicable under California law, California residents may have rights regarding access, correction, deletion, and information about the collection and use of personal information.

We do not sell personal information and do not share personal information for cross-context behavioural advertising.

16. Cookies and Tracking

The App does not use advertising cookies, tracking pixels, behavioural analytics, or similar tracking technologies.

Any cookies or similar technologies used by Atlassian are governed by Atlassian's own policies.

17. Children's Privacy

The App is intended for business and enterprise use and is not directed to children.

We do not knowingly collect personal information from children.

18. Changes to This Policy

We may update this Privacy Policy from time to time.

Changes become effective when the revised version is published. The "Last Updated" date above indicates when the policy was most recently revised.

Continued use of the App after publication of an updated Privacy Policy constitutes acceptance of the revised policy.

19. Contact

For privacy-related questions, requests, or concerns:

Email: support@versa-technologies.co.uk

20. Atlassian Disclaimer

Secrets Scanner is an independent Atlassian Marketplace application.

It is not affiliated with, endorsed by, sponsored by, or approved by Atlassian Pty Ltd or its affiliates.