Introduction
Atlassian Backup ("we," "our," or "the Extension") is a browser extension developed by Marshudi, an independent developer based in Oman. This Privacy Policy explains how we handle information when you use our Extension to back up Confluence pages and Jira tickets from Atlassian Cloud services.
We are committed to transparency and protecting your privacy. This policy describes our data practices in clear, straightforward terms suitable for both individual users and enterprise security teams evaluating our Extension.
Core Privacy Principle
We do not collect, store, or transmit your Atlassian content or credentials to any external servers.
All backup operations occur entirely within your browser's sandboxed environment. Your Confluence pages, Jira tickets, attachments, and authentication tokens remain exclusively on your local machine or are sent directly to your chosen destination (Downloads folder or your own SharePoint instance)-never to us.
Data Collection
The Extension collects only the minimum data necessary to enforce plan limits and verify subscriptions. Specifically:
What We Collect
- Daily file count: A numerical counter of how many files (pages, attachments) you've backed up each day. This is stored locally in your browser and synchronized via ExtensionPay to enforce your plan's daily limits (25 files for Free, 500 for Pro, unlimited for Business).
- Subscription status: A flag indicating whether you have an active paid subscription (Pro or Business). This is managed by ExtensionPay and Stripe to determine which plan features you can access.
What We Do NOT Collect
- Atlassian content: We never see, store, or transmit the actual text, images, attachments, or metadata from your Confluence pages or Jira tickets.
- Authentication credentials: The Extension uses your browser's existing session cookies to authenticate with Atlassian. We never capture, store, or transmit your Atlassian username, password, or API tokens.
- SharePoint content or credentials: When backing up to SharePoint, the Extension uses your browser's existing SharePoint session. We never capture or store your Microsoft credentials or access tokens.
- Browsing history: We do not track which Confluence pages or Jira tickets you visit, view, or back up.
- Personal identifiable information: We do not collect your name, email address, IP address, or device identifiers-except as required by Stripe for payment processing (see Third-Party Processing below).
Zero Data Retention Policy for Atlassian Content
The Extension operates on a zero-retention architecture for all Atlassian and SharePoint content:
- No server-side storage: We do not operate servers that receive or store your backup data.
- Client-side processing only: All PDF rendering, attachment downloads, and metadata assembly happen in your browser using the Chrome DevTools Protocol and standard web APIs.
- Direct-to-destination: Files go straight from Atlassian's servers (via your browser) to your local Downloads folder or your SharePoint instance. They never transit through our infrastructure.
When you uninstall the Extension, the only data that remains is whatever you chose to download to your local machine or upload to SharePoint-all of which you control directly.
Third-Party Processing
The Extension integrates with two third-party services for payment and subscription management:
ExtensionPay (Subscription Management)
We use ExtensionPay to manage subscription logic and daily usage limits. ExtensionPay:
- Stores your daily file count and subscription tier (Free, Pro, Business) in your browser's local storage.
- Synchronizes subscription status with Stripe to verify paid plans.
- Does not collect or transmit your Atlassian content.
Stripe (Payment Processor)
When you upgrade to a paid plan (Pro or Business), payments are processed by Stripe, a PCI-DSS compliant payment processor. Stripe:
- Collects your payment information (credit card number, billing address, email) to process charges.
- Issues a subscription token that ExtensionPay uses to verify your paid status.
- Does not share your payment details with us-we only receive a subscription confirmation.
- Operates under its own privacy policy: stripe.com/privacy
Important: All payments occur outside the Google Chrome Web Store or Microsoft Edge Add-ons store. We process subscriptions via ExtensionPay and Stripe only-not through browser store billing systems.
Browser Permissions Explained
The Extension requests several browser permissions. Here's what each permission is used for and what it is NOT used for:
activeTab, tabs
Used for: Communicating with the Confluence or Jira tab you're currently viewing, and opening a hidden tab to render pages to PDF via Chrome DevTools Protocol.
NOT used for: Reading your browsing history, tracking which sites you visit, or accessing tabs unrelated to Atlassian or SharePoint.
debugger
Used for: Rendering Confluence pages to real PDFs (not HTML screenshots) using the Chrome DevTools Protocol's Page.printToPDF command. This produces vector-based PDFs with correct CSS and metadata.
NOT used for: Debugging or inspecting any tabs other than the Extension's own hidden render tab. You'll see a "Started debugging this browser" banner during PDF rendering-this is harmless and indicates normal operation.
downloads
Used for: Saving backup files (PDFs, attachments, metadata JSON) to your browser's Downloads folder via the browser's download manager.
NOT used for: Accessing or reading files already on your computer.
host_permissions: *.atlassian.net, *.atlassian.com
Used for: Calling the Confluence and Jira REST APIs using your existing browser session, and downloading attachments from media.atlassian.com (which Atlassian Cloud uses for attachment redirects).
NOT used for: Intercepting or modifying your Atlassian session, capturing your credentials, or accessing Atlassian data you haven't explicitly chosen to back up.
host_permissions: *.sharepoint.com
Used for: (SharePoint mode only) Listing folders and uploading files to your chosen SharePoint document library via the SharePoint REST API, using your existing browser session.
NOT used for: Accessing SharePoint if you haven't enabled SharePoint mode, or uploading data without your explicit backup action.
storage
Used for: Storing your preferences (backup destination choice: Download or SharePoint, selected SharePoint folder URL) and daily file count locally in your browser.
NOT used for: Storing Atlassian content, credentials, or any personal data beyond usage counts and preferences.
Your Rights
Because we do not collect or store your Atlassian content or personal data (beyond payment info handled by Stripe), you inherently retain full control:
- Right to access: All data the Extension uses is stored locally in your browser (chrome.storage.local). You can inspect it via Chrome DevTools.
- Right to deletion: Uninstalling the Extension removes all locally stored preferences and usage counts. Backup files you downloaded remain on your device or SharePoint-you control those directly.
- Right to data portability: All backup files are saved in standard formats (PDF, JSON) that you can move, archive, or process as you see fit.
- Right to withdraw consent: You can stop using the Extension at any time by uninstalling it. Cancel paid subscriptions via the Extension's settings or by contacting Stripe support.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in the Extension's features or legal requirements. If we make material changes, we'll notify you via an in-extension message or update notice in the Chrome Web Store listing. Your continued use of the Extension after such changes constitutes acceptance of the updated policy.
The current effective date is listed at the top of this page: July 13, 2026.
Data Security
While we do not store your Atlassian content, we recognize that the Extension runs in your browser and interacts with sensitive data. Security measures include:
- Sandboxed execution: All operations occur within Chrome's extension sandbox, isolated from other browser processes.
- No remote code execution: The Extension does not load external scripts or code at runtime.
- HTTPS-only communication: All API calls to Atlassian and SharePoint occur over encrypted HTTPS connections.
Enterprise Considerations
For security teams evaluating this Extension:
- Data residency: All Atlassian content remains in your environment (local machine or your SharePoint tenant). Nothing transits through our servers or third-party storage.
- Compliance: Because we do not collect or store content, GDPR, CCPA, and similar regulations primarily apply to Stripe's payment processing. The Extension itself imposes no additional compliance burden.
- Conditional Access: If your organization enforces Conditional Access policies on SharePoint, the Extension inherits those controls-it cannot bypass your tenant's security settings.
- No network telemetry: The Extension does not phone home with usage analytics, crash reports, or telemetry beyond what's required for subscription verification via ExtensionPay/Stripe.
Contact Information
If you have questions or concerns about this Privacy Policy, your data, or the Extension's operation, please contact:
For payment or subscription issues, contact Stripe Support.
By installing and using Atlassian Backup, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not install or use the Extension.