XPress — Privacy Policy

Last updated: April 2026

1. Overview

Bytera ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how XPress, our Confluence app listed on the Atlassian Marketplace, accesses, processes, and protects your data.

Bytera is the data controller and is fully responsible for the privacy, security, and integrity of any data processed by XPress. Atlassian is not responsible for our data practices.

2. Data We Access

XPress is a Confluence app that exports pages and blog posts to PDF. To provide this functionality, XPress accesses the following data through Atlassian APIs:

2.1 Confluence Content (Read Access)

  • Page and blog post content: Titles, body content, and formatting — accessed when you initiate an export.
  • Attachments: Images and files embedded in pages — accessed to include them in the exported PDF.
  • Space metadata: Space names and structure — used to display content selection options.
  • Hierarchical content: Page tree structure — used for bulk and nested page exports.

2.2 Write Operations

  • File uploads: Generated PDF files may be saved back to Confluence as attachments, when requested by the user.

2.3 User Context

  • Atlassian Account ID: Used to identify who initiated an export request and to enforce permissions. We do not access profile details beyond what Atlassian provides in the app context.

3. Data Processing & External Services

Important: XPress uses an external rendering service to generate PDF documents.

3.1 PDF Rendering Service

When you export content to PDF, formatted content is sent to our secure, cloud-hosted rendering service (operated by Amazon Web Services) solely to be converted into a PDF file. The render service:

  • Acts purely as a rendering engine — it does not read, interpret, analyze, or store the content in any way.
  • Does not persist any data. Content is processed in-memory and discarded immediately after the PDF is generated.
  • Does not log, record, or retain any content or metadata. There is zero data retention on the external service.
  • All data is transmitted over encrypted HTTPS connections.
  • Is hosted on AWS in the US East (N. Virginia) region.

All content reading, processing, and PDF storage operations happen entirely within the Atlassian Forge environment. The external render service only receives pre-formatted HTML for conversion and returns the resulting PDF — no data leaves the rendering pipeline.

3.2 Forge Platform

XPress runs on Atlassian's Forge platform. The following Forge services are used:

  • Forge SQL (MySQL): Used to store generated PDF documents within the Atlassian cloud environment. No user personal data is stored.
  • Forge App Storage: Used for app configuration settings.
  • Forge Queues: Export and render tasks are processed through Forge async queues for reliable execution.

4. Data We Store

Data Type Where Retention
Generated PDF documents Forge SQL (within Atlassian cloud) Until deleted by user or app is uninstalled
App configuration Forge App Storage Until app is uninstalled
Page content (during PDF generation) Render service (in-memory only) Seconds — discarded immediately after rendering

We do not store any user personal data. We do not store Confluence page content outside of the Atlassian cloud environment. Generated PDFs remain within Forge SQL, managed by Atlassian's infrastructure.

5. How We Use Data

We use the data we access exclusively for:

  • Converting Confluence content to PDF format (core app functionality).
  • Storing generated PDFs within Forge for user retrieval.

We do not sell, rent, share, or use your data for advertising, marketing, analytics, or any purpose other than providing XPress functionality.

6. Data Security

We implement industry-standard security measures:

  • Forge Sandbox: XPress runs in Atlassian's secure Forge environment with tenant isolation and sandboxed execution.
  • Encrypted Transit: All communication between Forge and our render service uses HTTPS/TLS encryption.
  • Least Privilege: We request only the minimum API scopes necessary for app functionality.
  • No Persistent Storage of Content: Page content is never written to disk on our render service — it is processed in-memory only.
  • Infrastructure Security: Our render service runs on secure cloud infrastructure with automatic scaling, patching, and enterprise-grade security controls.

7. Data Sharing

We do not share your data with any third parties, with the following exceptions:

  • Cloud Rendering Service (AWS): Page content is transmitted to our cloud-hosted render service for PDF generation. AWS acts as our infrastructure provider, not a data processor.
  • Legal Requirements: We may disclose data when required by law, legal process, or to protect our rights or the safety of users.

We do not use any third-party analytics, advertising, or tracking services within XPress.

8. Your Rights

In accordance with applicable data protection laws (including GDPR), you have the right to:

  • Access: Request information about what data we process.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data. Since we do not permanently store content, uninstalling XPress removes all app-related data from Forge.
  • Data Portability: Request your data in a portable format.
  • Objection: Object to the processing of your data.

To exercise any of these rights, please contact us at admin@bytera.tech.

9. Permissions Explained

XPress requests the following Atlassian API scopes and their justification:

Permission Why It's Needed
Read pages, content, spaces To access and display Confluence content for export
Read attachments To include images and files in exported PDFs
Search To enable content search and filtering within the app
Write files To save generated PDFs as Confluence attachments
App storage To store app configuration and generated PDF documents

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date and, where appropriate, through our Atlassian Marketplace listing.

11. Contact

For any privacy-related questions, data requests, or security concerns: