Cloudscript Renderer for MCP Documentation Privacy Policy

Effective on and from the date the Cloudscript Renderer for MCP Documentation app is first listed on the Atlassian Marketplace.

Who we are

Cloudscript Renderer for MCP Documentation is provided by Patrick Roumanoff trading as Cloudscript (ABN 72 287 293 373) ("Cloudscript.io", "we", "us"), an Australian sole trader. If you have questions about this policy or the app's handling of data, contact us at support@cloudscript.io.

This policy describes the app as built: the wording reflects the permissions it actually requests, the way it renders your document, and the one backend function it runs. It does not describe a future or intended version of the app.

Summary

Cloudscript Renderer for MCP Documentation renders a pasted Model Context Protocol (MCP) Registry server.json document or tools/list result as structured, readable Confluence documentation. The app runs on Atlassian's Forge platform, inside your own Atlassian environment, and draws the document in the viewer's browser. It requests no Confluence permissions, declares no egress destination of any kind, and operates no storage of its own: the only place your pasted source persists is the macro's own configuration on the Confluence page. A single small backend function exists only to make PDF/Word export and page-history views show the document correctly (see "Export and page-history rendering" below); it is a stateless, per-request transform that stores nothing. The app uses no analytics, cookies, or trackers of any kind: its zero-egress design means it makes no request to any analytics or tracking service, and no such capability exists in its code. This is consistent with our Atlassian Marketplace declaration for the app. The in-product macro is titled "MCP Server Documentation".

What data Cloudscript Renderer for MCP Documentation collects

The only input the app works with is the MCP artefact you paste into the macro's own configuration: a Model Context Protocol Registry server.json document or a tools/list result, in whichever form you provide it (bare or JSON-RPC-enveloped). The app also stores an optional format setting you may choose (auto, server-json, or tools-list), which overrides its automatic detection of which of the two formats you pasted. Either may contain whatever you choose to put in it, including personal data if you include it (for example, in a maintainer field or a free-text description).

The app requests no Confluence permissions at all: its manifest declares an empty set of scopes (scopes: []). It does not request permission to read your pages, modify pages, administer your site, or read user account details, email addresses, or directory information, and it collects no account identifiers of any kind.

Where data is stored and processed

The MCP artefact you paste, and the optional format setting, are saved as part of the macro's own configuration on the Confluence page, using Confluence's standard configuration mechanism for Forge Custom UI macros. The app declares no storage of its own: its manifest contains no storage key, and no storage or key-value API is called anywhere in its code. It does not operate a database and holds no separate copy of your content on any Cloudscript.io system.

When a page containing the macro is viewed, the pasted source is read from that configuration and rendered inside the macro's own frame in your browser: the format is detected (or read from your override setting), parsed, and drawn as capability cards, tables, and code-snippet views, entirely on the spot in the viewer's browser.

Egress destinations and sub-processors

The app declares no egress at all: its manifest contains no remotes key and no external.fetch declaration of any kind, not even an empty placeholder. It makes no network request to any destination outside Atlassian's platform.

Where a pasted MCP artefact includes a registry, repository, or schema link, the app renders that link as clickable text. If you click it, the app hands the already-validated web address to your browser to open in a new tab. That is your browser's own navigation, carried out by Atlassian's Forge host, not a network request the app itself makes; the app does not fetch, preview, or otherwise contact the destination.

The app introduces no sub-processors: it has no destination to name one for. Atlassian operates the Forge platform on which the app executes and hosts the Confluence page that holds the macro configuration, under your own agreement with Atlassian, not under any arrangement with us.

Export and page-history rendering

The app includes one small backend function, adfExport, that runs inside Atlassian's Forge environment. Because the live document is drawn in your browser when you view the page, exporting the page to PDF or Word, or viewing its version history, would otherwise show nothing where the macro sits. To avoid that, this function reads the pasted source and the format setting from the export request, converts them into the same structured document (headings, tables, code blocks) as the live view, and returns the result. If the source cannot be parsed, it returns the raw pasted source in a code block instead, so an export is never blank.

The function is a stateless, per-request transform: it holds the source only for the duration of a single export request, stores nothing, and does not transmit your content to Cloudscript.io or to any third party.

Retention

The app itself sets no retention period, because it stores nothing itself. The pasted source's retention is coextensive with the Confluence page and macro's own lifetime: it persists for as long as the macro remains on the page, under your organisation's own management of that page.

Data residency

The app operates no storage of its own, so there is no separate Cloudscript.io location where your pasted source resides. It exists only within the Confluence page in your own Confluence Cloud site, and so follows whatever data-residency configuration your organisation has set for that site under your own agreement with Atlassian.

The app's zero-scope, zero-egress, zero-storage design is the most favourable shape for the residency-pinning eligibility Atlassian offers Forge apps, and we intend to pursue that eligibility. No specific residency badge or certification is claimed in this policy; this section will be updated once eligibility is confirmed. For how Atlassian itself handles data residency for Forge and Confluence Cloud, refer to Atlassian's own documentation; for the app's security posture more generally, see our Security and Trust pages.

Uninstall, revocation and deletion

The app declares no storage of its own and includes no custom uninstall or deletion process in its code: the only backend function it runs, adfExport, is a stateless per-request transform, not a lifecycle hook. Cloudscript.io holds no separate copy of your content to retain or delete in any event.

Uninstalling the app does not delete the macro's configuration. Because the pasted source and format setting are stored in the Confluence page's own storage format, not in any storage the app operates, they remain on the customer's page after the app is uninstalled. They are removed only when the macro or the page itself is deleted, under your organisation's own Confluence data controls.

Your rights

This policy is written to the content standard of the Australian Privacy Principles under the Privacy Act 1988 (Cth). Because the app requests no scopes and stores no content on any Cloudscript.io system, the personal data we are likely to hold about you is limited to any support correspondence you choose to send us. If you believe we hold personal data about you, or wish to access or correct it, contact us at support@cloudscript.io and we will respond within a reasonable period. Complaints about our handling of personal data can be made to the same address; if you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

For personal data you choose to place within the pasted MCP artefact itself, that text is stored with the Confluence page in your own Confluence Cloud site and is subject to your organisation's own handling of that page. Requests to access, correct, or delete such content should be directed to the organisation that operates the relevant Confluence site, not to us.

Cloudscript.io is a software supplier for this app, not a GDPR controller or processor and not a CCPA business or service provider. We request no Confluence or Jira permissions, declare no external network egress, and hold no copy of your content on any system we operate, so we have no personal data of yours to act on beyond what you send us directly (see "For personal data you choose to place within the pasted MCP artefact itself" below, and the Support correspondence noted at the top of "Your rights"). No Data Processing Addendum applies or is required for this app. We do not transfer your content outside the European Economic Area: any cross-border movement of your content follows the residency of your own Confluence site under your own agreement with Atlassian, not a transfer we make.

Security and data breach notification

Our approach to securing the platform this app runs on, managing vulnerabilities, and responding to security incidents (including notifying affected customers of a confirmed data breach without undue delay) is described on our Security page, which applies across our apps. If you believe you have found a security vulnerability in this app, email support@cloudscript.io.

Changes to this policy

If a future version of the app changes what it accesses, stores, or transmits, this policy will be updated to describe that behaviour before that version is released, and the effective date above will change accordingly.

Contact

Patrick Roumanoff trading as Cloudscript (ABN 72 287 293 373)
Support: support@cloudscript.io