When should I be deleting a tenant's data?

Our app ProForma stores all data in Jira entity properties, so when a customer uninstalls we cannot access their data any more.

That solves the problem for us because we don’t hold anything once a customer has left, but it could be a problem for them. If they want to get rid of their ProForma data after they uninstall then they’re too late — we can’t access their Jira instance any more so we can’t delete it. Jira doesn’t know what things our app wrote so it can’t delete it either.

Perhaps one way to solve it would be for Atlassian to reinstate our app’s access to Jira APIs when someone requests delete. Perhaps better, though, would be if data our apps store in Jira is marked as being owned by the app. That way Jira could provide a button for administrators to delete it without our app having to be involved.