TileMenu Privacy

Privacy Policy — TileMenu for Confluence

Last updated: June 2026

1. Overview and scope

This privacy policy informs you about the processing of personal data when using the app “TileMenu for Confluence” (the “App”), which is offered via the Atlassian Marketplace for Atlassian Confluence Cloud.

The App is implemented as an Atlassian Forge app. It runs entirely within the Forge infrastructure operated by Atlassian. There is no separate server and no separate backend operated by the provider. Within the scope of the App’s functionality, personal data does not leave the Atlassian cloud environment of your Confluence instance and is not transmitted to the provider.

For the processing of your data by Atlassian itself (in particular as the operator of Confluence Cloud and the Forge platform), Atlassian’s privacy policy additionally applies (https://www.atlassian.com/legal/privacy-policy).

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) for the data processed by the App on behalf of, or within the scope of, the App’s functionality is:

SynthScript, owner Christoph Kretschmer
Hornisgrindestraße 9
77855 Achern
Germany
Phone: +49 (7841) 627 44 00
Email: info@synthscript.de

As the controller in the data protection sense for the content stored in your Confluence instance, you, as the operator, or your company, generally remain responsible. With regard to the configuration and content data stored in the App, the provider acts as a data processor within the meaning of Art. 28 GDPR; processing is carried out via Atlassian’s storage and platform services (Forge).

3. Function of the App

The App displays a configurable tile menu on a Confluence page. It shows the subpages of the respective page as tiles (with title, emoji icon and optional cover image) and allows tiles to be arranged, customized and created manually. For display, the App reads content from your Confluence instance.

4. Data processed and access permissions

To fulfil its function, the App requires the following permissions (scopes) within Confluence:

  • read:page:confluence — reading page content and page metadata
  • read:attachment:confluence — reading attachments (to resolve cover images)
  • read:confluence-props — reading page properties (e.g. emoji, cover image ID)
  • read:confluence-content.permission — checking editing permissions
  • storage:app — storing the App configuration in Atlassian storage (Forge KVS)

Within the scope of these permissions, the App processes in particular:

a) Confluence content data (read, retrieved on demand)

  • Page IDs, page titles and page URLs of subpages
  • Page properties such as emoji icon and reference to a cover image
  • Attachment metadata to determine image URLs

This data is processed in order to display the tiles. If page titles or content contain personal data, it is processed as part of the display. The content of the pages is not permanently stored by the App.

b) Configuration and layout data

  • Display options (e.g. color, variant, font sizes, responsive behavior, content to be shown)
  • Arrangement and size of the tiles (layout)
  • manually created tiles with custom title, link, emoji and image
  • Setting of who may edit the tile menu

This data is stored per macro instance in Atlassian storage (Forge Key-Value Storage).

c) Technical usage context

  • A technical instance identifier of the macro (localId)
  • the URL of your Confluence instance, page ID and space key
  • the license status of the App
  • the display mode set in the browser (light/dark mode)

The identity of the acting user is provided via the Atlassian login; the App does not independently collect or store any email addresses, names or account IDs.

5. Legal bases

Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of the usage relationship or provision of the requested App functionality) and Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision and display of the App). Insofar as the provider acts as a data processor, processing is carried out on the basis of the data processing relationship pursuant to Art. 28 GDPR.

6. Storage and retention period

a) Server-side storage (Atlassian Forge KVS)

Configuration and layout data is stored per macro instance in Atlassian storage. It remains there until the macro or the associated page is deleted or the App is uninstalled. There is no automatic deletion after a period of time.

b) Caching in the browser (localStorage)

To improve loading times, the App caches configuration, layout and page data (in your browser’s local storage, “localStorage”). The keys used are instance-specific (e.g. “<localId>config”, “<localId>layout”, “<localId>pageData” as well as a signal key for refreshing the view). This data remains in the browser until local storage is cleared. No cookies are set for this and no user profiles are created.

c) Content data from Confluence

Content data from Confluence is retrieved only on demand and is not permanently stored by the App.

7. Recipients and data processing

For execution and storage, the App exclusively uses Atlassian’s platform and storage services (Atlassian Forge). The provider of this platform is Atlassian. Atlassian processes the data as a sub-processor within the Forge infrastructure. You can find information on this at https://www.atlassian.com/legal/privacy-policy and https://www.atlassian.com/trust.

No personal data is disclosed to the provider SynthScript or to any other third parties for their own purposes. The App does not transmit any data to the provider’s own servers and does not integrate any third-party analytics, tracking or error-logging services.

8. External image content

If tiles are displayed with cover images, images may be loaded from the following sources:

  • images.unsplash.com
  • Atlassian domains (*.atlassian.net, *.atlassian.com)

When an external image is loaded, the IP address of your device is, for technical reasons, transmitted to the respective image provider. If, as an editor, you manually enter an external image URL as a tile image, the image is loaded from the source you specify.

9. Cookies and tracking

The App itself does not set any cookies and does not use any tracking or analytics technologies. No user profiles are created and no fingerprinting takes place. Any cookies of the Confluence platform are set by Atlassian and are subject to Atlassian’s privacy policy.

10. Data transfer to third countries

Data processing takes place via Atlassian’s infrastructure. Processing may also take place outside the European Union (in particular in the USA). Safeguarding is provided through the guarantees made available by Atlassian, in particular EU Standard Contractual Clauses. For details on data hosting and the safeguards, please refer to Atlassian’s information at https://www.atlassian.com/trust and https://www.atlassian.com/legal/privacy-policy.

11. Your rights

Within the framework of the statutory requirements, you have the right to:

  • Access to the data processed about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)

You can exercise these rights using the contact details above. As the provider itself does not store any personal data for its own purposes, requests for access and erasure regarding content and configuration data should generally be addressed to you as the operator of your Confluence instance, or to Atlassian as the platform operator. You can remove the App’s configuration and layout data yourself at any time by deleting the macro or uninstalling the App.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The authority responsible for the provider is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart

13. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or in order to implement changes to the App’s functionality. The version in force at the time will then apply to your renewed use.