Last updated: 13 May 2025
This Privacy Policy explains how Baseliner.ai Limited ("Baseliner", "we", "us", or "our") collects, uses, stores, and protects personal information when you use the Baseliner platform, including the Baseliner app for Atlassian Jira, the Azure DevOps integration, the Excel file upload feature, and the Baseliner website at baseliner.ai (together, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
1.1 Baseliner.ai Limited is a company incorporated in New Zealand, with its registered address at Conal Martin, 8 Zion Road, Birkenhead, Auckland, 0626, New Zealand.
1.2 For the purpose of applicable data protection laws, Baseliner acts as a data controller in respect of information it collects directly (such as account and website data), and as a data processor in respect of project and work item data processed on behalf of its customers.
1.3 Contact us:
2. What Information We Collect
2.1 Information you provide to us directly.
When you register, contact us, or configure the Service, we may collect:
- (a) business contact details such as name, work email address, job title, and organisation name;
- (b) account credentials including username and hashed password where applicable;
- (c) configuration preferences, integration settings, and communication history.
2.2 Data from Atlassian Jira.
When you install the Baseliner Jira app and grant the required permissions via the Atlassian Marketplace, we access and process the following data from your Jira instance:
- (a) projects and project categories;
- (b) boards, backlogs, and sprints;
- (c) issues and issue details including descriptions, comments, attachments, labels, statuses, priorities, custom fields, and JQL-based queries;
- (d) time logs, story points, and estimation fields; and
- (e) user profile information associated with issues, such as assignee and reporter names and usernames, to the extent required for project context and estimation.
This is a live API integration. Baseliner accesses Jira data using the permissions you grant in accordance with Atlassian’s data access and security requirements.
2.3 Data from Microsoft Azure DevOps.
When you connect your Azure DevOps account via OAuth, we access and process:
- (a) projects and teams;
- (b) work items, work item types, fields, and associated metadata;
- (c) iteration paths and area paths; and
- (d) user information associated with work items to the extent required for project context.
This is a live OAuth-based API integration. We access only the data that you authorise during the OAuth connection flow.
2.4 Data from Microsoft Excel file uploads.
When you upload an Excel (.xlsx) or CSV file to the Service, we process the contents of that file to extract project, task, or estimation data. We do not make any connection to Microsoft servers. Only the file you upload is processed. Uploaded files are treated as your content.
2.5 Automatically collected technical data.
When you access the Service or our website, we may automatically collect:
- (a) IP address;
- (b) browser type and version;
- (c) operating system;
- (d) pages visited and time spent;
- (e) API call logs, access timestamps, and error logs; and
- (f) referring URLs and device identifiers.
This information is used for security, troubleshooting, performance monitoring, and product improvement.
3. How We Use Your Information
3.1 To provide the Service. To authenticate users, connect to your Jira, Azure DevOps, or Excel data, process and analyse project data, generate estimations and insights, and where configured, write results back to Jira.
3.2 To maintain and operate the Service. To monitor performance, detect and fix bugs, maintain security, and ensure reliable operation.
3.3 To improve the Service. We may use aggregated or de-identified data to analyse usage patterns and improve features. We may also use project data and derived embeddings to train, fine-tune, or benchmark our AI and estimation models. See section 7 for your opt-out rights.
3.4 To communicate with you. To respond to support requests, send service notifications, provide product updates, and where applicable, send marketing communications. You can opt out of marketing at any time.
3.5 For legal and compliance purposes. To comply with applicable laws, respond to lawful requests from regulatory or government authorities, enforce our Terms of Use, and protect the rights, property, and safety of Baseliner and others.
4. Legal Basis for Processing
4.1 Where data protection laws such as the GDPR or similar legislation require a legal basis for processing, we rely on the following:
- (a) Performance of a contract: to provide and manage the Service you have subscribed to.
- (b) Legitimate interests: to operate, secure, and improve the Service, and to communicate with you about the Service.
- (c) Compliance with legal obligations: where required by applicable law.
- (d) Consent: where you have provided consent, for example for marketing communications or for AI model improvement use of your data.
4.2 Where we rely on legitimate interests, we balance those interests against your rights and interests and will not process data in a way that overrides your fundamental rights.
5. Data Storage and Hosting
5.1 Hosting location. The Service is hosted and operated on infrastructure provided by Rackmonk, located in India. All project data, derived data, and embeddings processed by the Service are stored in India.
5.2 International transfers. If you are based in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, please be aware that your data may be transferred to and processed in India and New Zealand, where Baseliner’s infrastructure and team operate. We take reasonable steps to ensure that such transfers are carried out in accordance with applicable data protection laws, including by implementing appropriate contractual safeguards where required. If you require a formal Data Processing Agreement or transfer mechanism documentation, please contact admin@baseliner.ai.
5.3 Data from Atlassian Jira. For the Jira app, Baseliner does not store full copies of Jira issues outside Atlassian. Only derived representations such as vector embeddings, metrics, and minimal configuration identifiers are stored on Baseliner infrastructure.
5.4 Data from Azure DevOps and Excel. Similarly, Baseliner stores only processed and derived representations of Azure DevOps work item data and Excel file content. Raw file contents are processed and not retained beyond what is necessary to generate outputs.
6. Data Retention
6.1 Project data and embeddings. We generally retain derived project data and related embeddings for up to 30 days, unless a different retention period has been agreed with the customer.
6.2 Account and contact data. We retain account and contact information for as long as your account is active and for a reasonable period after account closure to comply with legal obligations and to resolve disputes.
6.3 Technical logs. Operational logs and encrypted backups may be retained for a longer period for security, continuity, and legal compliance purposes, after which they are deleted or anonymised.
6.4 Upon uninstalling the Jira app, disconnecting Azure DevOps, or closing your account, we will delete or anonymise your project-derived data within 30 days of your written request, subject to any longer retention required by law or backup policies.
7. Your Choices and Opt-Outs
7.1 AI and model improvement opt-out. Baseliner may use project data and embeddings from your use of the Service to train, fine-tune, or benchmark AI models for general product improvement. You may opt out of this use at any time by contacting us at admin@baseliner.ai. If you opt out, we will restrict use of your data to providing the Service to you and essential security and maintenance activities. Your opt-out will not affect the quality of the Service you receive.
7.2 Marketing communications. If we send marketing emails, you can opt out at any time by clicking the unsubscribe link in the email or by contacting us at info@baseliner.ai.
7.3 Cookies and analytics. If we use cookies or analytics tools on our website, we will obtain your consent where required by law. You may manage cookie preferences through your browser settings.
8. Data Sharing and Disclosure
8.1 We do not sell your personal information to third parties.
8.2 Service providers. We share data with trusted third-party service providers who assist us in operating the Service, including our hosting provider Rackmonk in India. These providers are subject to confidentiality obligations and may only use your data to provide the services we have engaged them for.
8.3 Atlassian. When you use the Baseliner Jira app via the Atlassian Marketplace, Atlassian may have access to certain data in accordance with Atlassian’s own privacy policy. We are not responsible for Atlassian’s data handling practices.
8.4 Legal disclosures. We may disclose your information where required by law, court order, or government or regulatory request, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Baseliner, our users, or the public.
8.5 Business transfers. If Baseliner is involved in a merger, acquisition, or sale of substantially all of its assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
9. Security
9.1 We implement reasonable technical and organisational security measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- (a) encryption of data in transit using TLS;
- (b) encryption of data at rest;
- (c) access controls and role-based permissions;
- (d) regular security reviews and monitoring; and
- (e) audit logging of access to sensitive data.
9.2 While we take these precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
9.3 Data breach notification. If we become aware of a personal data breach affecting your information, we will notify you without undue delay and in any event as soon as reasonably practicable, taking into account any obligations to contain the incident first. Our target notification timeline is within 24 hours of confirmed discovery where feasible.
10. Your Rights
10.1 Depending on where you are located and applicable data protection laws, you may have the following rights in relation to your personal information:
- (a) Right of access: to request a copy of the personal information we hold about you.
- (b) Right to rectification: to request correction of inaccurate or incomplete information.
- (c) Right to erasure: to request deletion of your personal information in certain circumstances.
- (d) Right to restriction: to request that we restrict processing of your information in certain circumstances.
- (e) Right to data portability: to receive your personal information in a structured, commonly used format.
- (f) Right to object: to object to processing based on our legitimate interests.
- (g) Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.
10.2 To exercise any of these rights, please contact us at admin@baseliner.ai. We will respond within a reasonable timeframe and in accordance with applicable law.
10.3 Customer responsibility for end-user rights. Where Baseliner acts as a data processor on behalf of a customer, end users whose data is contained in Jira, Azure DevOps, or Excel data should direct requests to the customer organisation, who is the data controller. Baseliner will assist the customer in responding to such requests where reasonably required.
11. Children’s Privacy
11.1 The Service is not directed at children under the age of 18 and we do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us at admin@baseliner.ai and we will take steps to delete it promptly.
12. Third-Party Links and Services
12.1 The Service may contain links to or integrations with third-party websites or services, including Atlassian, Microsoft, and others. This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies independently.
13. Changes to This Privacy Policy
13.1 We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the Atlassian Marketplace listing, the Service, our website, or by email.
13.2 The updated Privacy Policy will apply from the effective date stated in the notice. Continued use of the Service after that date constitutes acceptance of the updated Privacy Policy.
14. Contact and Complaints
14.1 If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us:
Baseliner.ai Limited
8 Zion Road, Birkenhead, Auckland, 0626, New Zealand
General: info@baseliner.ai
Legal and privacy: admin@baseliner.ai
Grievance officer: Amarjeet, amarjeet@baseliner.ai
14.2 If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your country of residence. In New Zealand, this is the Office of the Privacy Commissioner (www.privacy.org.nz).