Skip to content

Data handling Disclosure

OwnerFlowdence Product and Security
Applies to appMuleSight for Confluence
Review cadenceQuarterly and before Marketplace updates
Data categoryExamplesSourceStorage locationRetention posture
App configurationDefault org id, dataset flags, sync intervalAdmin settings UIForge KVSPersisted until updated/removed
Credential materialMuleSoft client secret, cached OAuth access tokenAdmin input and token exchangeForge secret storagePersisted until rotated or cleared
Dataset snapshotsCloudHub apps, API Manager APIs, security slicesMuleSoft APIsForge KVS cache entriesReplaced on refresh; cleanup behavior defined by cache lifecycle
Operational metadataRefresh timestamps, stale indicators, error metadataApp executionForge KVS and logsRetained per operational needs and platform behavior
  1. Admin configures MuleSoft credentials.
  2. App exchanges credentials for access token.
  3. App fetches MuleSoft data and writes cached snapshots.
  4. UI and Rovo actions read cache-first and optionally refresh live data.

Configured egress target:

No additional outbound endpoints are currently declared in the app manifest.

  • Runtime and storage operate on Atlassian Forge services.
  • Customer data location and residency follow Forge and Atlassian platform controls.
  • Secrets can be replaced through configuration updates.
  • Cache state can be reset when runtime context changes.
  • Additional lifecycle controls are tracked in the release gap register.
  • Define explicit documented cache retention windows by dataset type.
  • Add formal policy for periodic stale cache cleanup.

This app-specific policy is read together with the shared Flowdence baseline: