Trust & Privacy

Data handling, retention windows, and GDPR controls for JIRA MCP Remote.

This service is designed to use the minimum data needed to authenticate users, execute Jira actions, and operate safely in a shared enterprise environment.

What Data Is Stored

  1. Sign-in and session state:
    • Temporary login/session details needed to complete browser sign-in and bind MCP sessions to the right user.
    • This state is short-lived and kept in memory.
  2. Jira PAT enrollment state:
    • A user-scoped Jira personal access token (PAT) and whether it is currently valid.
    • PAT secrets are stored encrypted and are never stored in plaintext.
    • In shared production deployments, PAT secrets are expected to be stored in Azure Key Vault.
  3. User MCP profiles:
    • Profile id, profile name, selected tools, and profile timestamps.
  4. Upload staging data:
    • Temporary file content and metadata while processing attachment uploads.
  5. Operational telemetry (optional):
    • Service health and usage signals such as route, status, latency, tool category, and outcome.
    • User counting is pseudonymous; raw account identifiers are not used for metrics.
  6. Security audit events (optional):
    • Structured audit records for authentication, PAT lifecycle, profile changes, policy decisions, and tool calls.
    • Each event includes a request correlation id to support incident investigation.

What Is Never Stored

  1. PAT values in plaintext at rest.
  2. PAT values in telemetry or analytics attributes.
  3. Raw usernames, emails, profile names, or tool arguments in telemetry attributes.
  4. Arbitrary server-local file paths supplied by clients for remote attachments (staged uploads are required instead).
  5. Jira issue-content archives in this service (it proxies Jira requests; it is not an issue-content datastore).

Retention Windows

  1. OAuth/web transient state:
    • Login and OAuth transient states are retained for minutes, not hours.
    • Typical windows are 5 to 10 minutes depending on flow step.
  2. MCP session-owner mapping:
    • Retained for up to 8 hours after the last activity.
  3. Upload staging:
    • Temporary uploads expire quickly (default: 15 minutes).
    • Successfully consumed uploads are deleted after request processing.
  4. PAT records:
    • Retained until the user rotates or deletes the PAT, or deletes account data.
  5. Custom profiles:
    • Retained until the user deletes profiles or deletes account data.
  6. Telemetry/log retention:
    • Controlled by your organization’s monitoring/logging backend retention policy.
  7. Local audit file retention (if enabled):
    • Controlled by the deployment’s log/file lifecycle policy.

GDPR Handling

  1. Data minimization:
    • Only data needed for authentication, authorization, and operations is retained.
  2. User self-service deletion:
    • Users can delete account-scoped data from Settings (stored PAT and custom profiles) and sign out.
  3. PAT lifecycle controls:
    • Users can enroll, rotate, and delete their PAT.
  4. Operator controls:
    • Operators control telemetry enablement and retention windows in enterprise observability systems.
    • Production deployments should enforce least-privilege secret access and managed identity-based controls.
  5. Data subject requests (access/erasure):
    • Fulfilled by deleting user-scoped PAT/profile records and applying retention/deletion controls in telemetry and audit systems.