Privacy Policy for OAuth 2.0 (3LO) app

Hello,

In the company, we use the Atlassian Jira and we would like to use the Jira REST API to integrate Jira capabilities into our plugin on the Twilio Flex third-party product that we are already using.

In order to use Jira resources, our plugin on the Twilio Flex side sends a request to our APP REST API and on our backend side we make a request to the Jira REST API. We modify the received response from the Jira REST API if necessary and send it to the plugin on the Twilio Flex side.

We created an OAuth 2.0 (3LO) application to use the Jira REST API. The next step is to publish the OAuth application.

Given that in this flow the APP REST API is a kind of connector between two third-party products (Twilio Flex and Atlassian Jira), what privacy policy do we need to provide for OAuth 2.0 (3LO) application? Are there any specific content we should point out?

Hi @Alexey.Sapon, welcome to community. There are two guides that are worth highlighting re: privacy:

• https://developer.atlassian.com/platform/marketplace/data-privacy-guidelines/ - this is a data privacy guide for developers on the Atlassian platform.
• https://developer.atlassian.com/cloud/jira/platform/user-privacy-developer-guide/ - this guide has specific references to GDPR responsibilities (ex: right to erasure, right to rectification, right to be informed)

NOTE: Atlassian does not provide legal advice. These guides are for informational purposes only, and are not intended to provide, and should not be relied on for legal advice. You should consult your own legal counsel on how GDPR and other privacy laws/regulations apply to your business.

@nmansilla, Thank you