DATA SECURITY AND PRIVACY STATEMENT
One-Way Sync for Confluence
Last Updated: December 2025
OVERVIEW
One-Way Sync for Confluence is a synchronization tool that enables automated content transfer between Confluence instances. This statement explains how the app handles, secures, and protects your data.
DATA COLLECTION AND ACCESS
The app accesses the following Confluence data:
- Page content, titles, and metadata
- Blog post content and metadata
- Attachments (files uploaded to pages and blogs)
- Comments on pages and blogs
- User information (usernames, display names) for attribution
- Space and page configuration data
- Classification data (if Classifier plugin is installed)
- Sync configuration settings
The app does NOT collect or transmit:
- User passwords or authentication credentials
- Personal information beyond usernames and display names
- Data from Confluence instances not configured as sync destinations
- Analytics or usage tracking data sent to external servers
DATA USAGE
The app uses accessed data solely for:
- Synchronizing content from origin to destination Confluence instances as configured
- Applying classification-based restrictions and user/group restrictions
- Managing sync configuration and settings
- Logging sync operations for troubleshooting and audit purposes
DATA STORAGE
All data remains within your Confluence infrastructure:
- Configuration data is stored in Confluence's Bandana storage system (on your Confluence server)
- Sync settings are stored as page properties and Confluence configuration
- No data is transmitted to or stored on external servers operated by Churrie Works
- The app operates entirely on-premise within your Confluence environment
All data processing occurs on your servers. No data is shared with or accessible by Churrie Works.
DATA TRANSMISSION AND SECURITY
Content synchronization occurs between your Confluence instances:
- Data is transmitted directly from origin to destination Confluence instances
- API key authentication is required for all sync operations
- API keys are stored securely in Confluence's configuration system
- All HTTP communications can be encrypted using HTTPS (when configured)
- The app does not route data through external servers
API KEY SECURITY
- API keys are stored in Confluence's secure configuration storage
- Keys are transmitted only in HTTP headers (X-Sync-Api-Key) during sync operations
- Keys are never logged in plain text
- Users can generate and rotate API keys at any time through the admin interface
- API keys are specific to each destination configuration
DATA RETENTION
- Sync configuration data is retained as long as the app is installed and configured
- Sync timestamps are maintained to prevent duplicate synchronizations
- Failed event logs are retained according to your Confluence log retention policies
- Users can clear or modify sync configuration at any time through the admin interface
USER CONTROL AND ACCESS
Users have full control over:
- Which spaces and pages are synchronized
- Which destinations receive synchronized content
- Classification-based restrictions at system, space, and page levels
- User and group restrictions
- Attachment filtering rules
- API key generation and management
- Sync enable/disable settings at page level
ADMINISTRATIVE ACCESS
Confluence administrators can:
- Configure all sync settings through the admin interface
- View sync status and logs
- Manage destination configurations
- Set system-wide restrictions
- Generate and manage API keys
- Disable the app entirely if needed
THIRD-PARTY INTEGRATIONS
The app integrates with:
- Classifier for Confluence plugin (optional) - for classification-based restrictions
- Confluence's native APIs and services
No external third-party services or APIs are used.
COMPLIANCE AND SECURITY MEASURES
- The app operates entirely within your Confluence infrastructure
- All data processing occurs on your servers
- No data is shared with or accessible by Churrie Works
- The app follows Confluence's security best practices
- API key authentication ensures only authorized sync operations
- Classification and user restrictions provide additional access controls
DATA BREACH PROCEDURES
In the unlikely event of a security issue:
- The app operates on your infrastructure, so any security concerns would be within your control
- You can immediately disable the app through Confluence's plugin management
- All sync operations can be halted by removing destination configurations
- API keys can be regenerated to invalidate existing credentials
UPDATES AND CHANGES
This privacy statement may be updated to reflect changes in the app's functionality. Users will be notified of significant changes through:
- Release notes in the Atlassian Marketplace
- Version update notifications in Confluence
CONTACT INFORMATION
For questions about data security and privacy:
Churrie Works Inc.
Website: https://churrieworks.com
Email: customerService@churrieworks.com
YOUR RIGHTS
You have the right to:
- Access and review sync configuration at any time
- Modify or delete sync settings
- Disable synchronization for any page or space
- Remove the app entirely from your Confluence instance
- Generate and manage API keys
- Review sync logs and audit trails
CONCLUSION
One-Way Sync for Confluence is designed with privacy and security as core principles. All data remains within your Confluence infrastructure, and you maintain full control over what is synchronized and where. The app does not collect, store, or transmit data to external servers, ensuring your content remains secure and private.