MuleSight Privacy Policy
| Owner | Flowdence Legal and Product |
| Applies to app | MuleSight for Confluence |
| Review cadence | Quarterly and before publication |
1. Who we are
Section titled “1. Who we are”- Company:
Flowdence - Privacy contact:
privacy@flowdence.io - Business address:
Melbourne AU, 3030
2. What MuleSight does
Section titled “2. What MuleSight does”MuleSight is a Forge-based Confluence app that renders MuleSoft snapshots (Exchange assets, Runtime Manager apps, API Manager instances, and API security posture) in Confluence macros and a dashboard.
3. Data categories processed
Section titled “3. Data categories processed”MuleSight processes and stores the following categories required to deliver product functionality:
- App configuration values (for example default organization id, dataset flags).
- MuleSoft connected app client id.
- MuleSoft connected app client secret and OAuth access token in Forge secret storage.
- Cached MuleSoft dataset snapshots and metadata (apps, APIs, policies, tiers, contracts, refresh timestamps).
- Operational log metadata required for support and troubleshooting.
MuleSight is designed to avoid unnecessary storage of Atlassian end-user profile data.
4. Why we process this data
Section titled “4. Why we process this data”- Provide requested MuleSoft snapshot views in Confluence.
- Improve reliability using cached snapshots and stale fallback.
- Support troubleshooting and incident response.
5. Data hosting and transfers
Section titled “5. Data hosting and transfers”- App runtime and storage are on Atlassian Forge services.
- Configured outbound fetch target is MuleSoft Anypoint platform endpoint(s) required for product functionality.
- Additional transfer terms: Where personal data is transferred across borders, Flowdence applies appropriate safeguards required by applicable law, including standard contractual clauses or equivalent legal transfer mechanisms where required.
6. Retention and deletion
Section titled “6. Retention and deletion”- Cached runtime datasets are retained according to product operational policy and may be refreshed/replaced.
- Secrets remain stored until rotated or removed by configuration change.
- Detailed retention windows and cleanup commitments are documented in the MuleSight data handling disclosure.
7. Data sharing
Section titled “7. Data sharing”- No sale of personal data.
- Data is shared only with infrastructure and subprocessors required to deliver service.
- Subprocessor disclosure is maintained on Flowdence public policy pages.
8. Data subject rights
Section titled “8. Data subject rights”Requests regarding personal data can be sent to privacy@flowdence.io.
9. Security controls
Section titled “9. Security controls”Flowdence applies controls described in the MuleSight security policy, including secret storage, redacted structured logging, and least-privilege scopes.
10. Product-specific privacy notes
Section titled “10. Product-specific privacy notes”MuleSight processes MuleSoft technical metadata such as API names, versions, environments, deployment status, policy summaries, SLA tier and contract metadata, endpoint methods and paths, diagnostics results, and refresh timestamps. Depending on a customer’s MuleSoft naming conventions, these datasets may contain personal data in resource names or descriptions; customers should configure and name MuleSoft assets accordingly.
MuleSight uses Anypoint egress to fetch customer-authorized data and stores cached snapshots so Confluence pages remain useful when upstream APIs are unavailable. Support requests should include affected module, organization/environment context, dataset type, refresh timestamp, and sanitized screenshots, but should not include MuleSoft secrets or OAuth tokens.
11. Changes to this policy
Section titled “11. Changes to this policy”Material changes are published with updated effective date and version note.
12. Shared baseline policies
Section titled “12. Shared baseline policies”This app-specific policy is read together with the shared Flowdence baseline: