Geniusee Timesheets – Privacy Policy
Effective date: August 12, 2025
Owner & Publisher: Geniusee (“Geniusee”, “we”, “us”, “our”)
Product: Geniusee Timesheets (the “App”) for Atlassian Marketplace
This policy explains how Geniusee processes Personal Data when you install and use the App with Atlassian products (e.g., Jira). It also covers support interactions related to the App. This document is intended for global use, with emphasis on EU/UK GDPR and U.S. state privacy laws (including CCPA/CPRA).
1) Who is responsible for your data?
- For Cloud deployments, your Atlassian site administrator (your “Customer”) is the data controller. Geniusee acts as a data processor/service provider following the Customer’s instructions.
- For Data Center/Server deployments, the App runs in your infrastructure; Geniusee typically acts as a data processor only for support data you choose to share with us.
Contact: info@geniusee.com
Postal address: 1108 Lavaca St, STE 110-750, Austin, TX 78701, USA
2) What data we process
When permitted by your Atlassian admin and scopes granted during installation, the App may process:
- Worklog & timesheet data: issue keys, issue summary, project, time spent, start/end time, worklog author, description/notes, team/account fields, and related metadata.
- User/account identifiers: Atlassian accountId (primary), username/display name, and email address only if your admin permits access (Atlassian Cloud restricts email by default).
- Configuration & usage: App settings, feature flags, error logs, and usage telemetry (aggregated/anonymous where possible).
- Support data (optional): information you share when contacting support (e.g., screenshots, logs, export files).
We do not collect: passwords, payment card details (Marketplace billing is managed by Atlassian), government IDs, or special category data unless you include such content in free-text fields (please don’t).
3) Purpose & legal bases for processing
We process Personal Data to:
- Provide and operate the App features (timesheets, reports, approvals, exports).
- Secure & maintain the App (monitoring, troubleshooting, preventing abuse).
- Support you (answer tickets, reproduce issues, provide fixes).
- Improve the App (analytics, quality, and usability)—preferably using aggregated or de-identified data.
Legal bases (EU/UK GDPR): performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), and compliance with legal obligations (Art. 6(1)(c)).
U.S. (CCPA/CPRA): we act as a service provider/processor and do not sell or share Personal Data for cross-context behavioral advertising.
4) Where data is processed & data residency
- Cloud: Hosting and storage are provided by reputable cloud infrastructure. If you require EU/UK data residency, contact us before installation to confirm current regions and options.
- Data Center/Server: data remains in your environment; Geniusee only processes support materials you provide.
Note: Atlassian Cloud data residency settings may not automatically apply to third-party apps.
5) Sub-processors & disclosures
We may use vetted third parties to deliver the App (e.g., cloud hosting, email/support, observability). Each acts under contract with confidentiality, security, and privacy obligations.
- Current sub-processors: available on request at info@geniusee.com.
- Disclosures: We may disclose data to (a) our sub-processors, (b) Customer-designated recipients within your Atlassian site, and (c) authorities where required by law. We do not sell Personal Data.
6) Security
We implement administrative, technical, and physical safeguards proportionate to risk, including:
- Encryption in transit (TLS) and at rest (where applicable)
- Access controls, least-privilege, MFA for administrative consoles
- Secure SDLC, vulnerability management, logging/monitoring, and backups
For Data Center/Server, many security controls are your responsibility as the host operator.
7) Data retention & deletion
- Operational data (Cloud): retained only as long as needed to provide the App or as instructed by your admin.
- Typical practice: retain timesheet data for the life of the subscription; diagnostic logs up to 12 months; backups up to ~35 days.
- After uninstall (Cloud): we schedule deletion of App-stored Personal Data within 30–90 days, subject to backup cycles.
- Data Center/Server: you control retention in your own systems.
Admins may request export or deletion at any time via info@geniusee.com.
8) Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, port, or object to processing of your Personal Data.
- How to exercise: contact your Atlassian admin first (controller). If you contact us directly, we’ll coordinate with your controller to fulfill the request.
- EU/UK: you may complain to your local supervisory authority.
- California: you may exercise rights under the CCPA/CPRA; we will not discriminate for exercising rights.
9) International data transfers
Where transfers occur outside your region (e.g., EU/UK → non-EU/UK), we rely on appropriate safeguards such as Standard Contractual Clauses and additional measures as needed.
10) Children’s privacy
The App is intended for business use and not for children under 16. We do not knowingly collect children’s data.
11) Cookies & tracking
The App itself typically uses only essential cookies/tokens required for authentication and operation. Our public website and support tools may use additional cookies per their respective policies.
12) Installation, permissions & uninstallation
- Scopes & permissions: At install time, your admin reviews the App’s requested scopes. The App can only access the data authorized by your admin and Atlassian’s APIs.
- Uninstall: Site admins can uninstall via Atlassian administration. Upon uninstall, we stop data collection and initiate the deletion schedule described above.
13) Changes to this policy
We may update this policy to reflect changes in law, the App, or our practices. We’ll post the updated version with a new effective date and, where required, provide notice to customers/admins.
Geniusee
Email: info@geniusee.com
Address: 1108 Lavaca St, STE 110-750, Austin, TX 78701, USA