Privacy Policy
Last updated: 2026-04-26
Effective date: Date of installation
This policy describes what data RunbookGuard processes when you install it in Confluence Cloud, where that data is stored, and how to delete it.
WebCorrect Pro ("we", "us") publishes RunbookGuard. The app is distributed via the Atlassian Marketplace and runs on Atlassian's Forge platform.
1. Data we process
1.1 Confluence content
When you trigger a scan, RunbookGuard reads the body of every Confluence page in the spaces you have granted it access to. The text is processed in memory — full page bodies are not stored to disk.
What we do persist after extraction:
- Extracted entities — IPs, hostnames, URLs, AWS resource IDs (e.g.
i-0abc123), and ARNs detected on the page - Page metadata — page ID, title, space key, last-modified timestamp, page URL
- A SHA-256 hash of the page body — for change detection on subsequent scans
- Findings — the cross-product of an extracted entity and the matching/missing AWS resource
1.2 AWS inventory
When you connect an AWS account, RunbookGuard fetches a read-only inventory of 12 AWS resource types (EC2, RDS, S3, Route53, ELB, ElastiCache, Security Groups, Subnets, VPCs, ECS, EKS, Lambda).
We never store secrets, environment variables, snapshot contents, object data, or anything else from the resources themselves — only the metadata returned by the AWS Describe* / List* / Get* calls.
1.3 Credentials
IAM Role (recommended): we store only the role ARN and a per-tenant External ID. No long-lived keys.
Access keys (legacy): if you provide an access key + secret, the secret is stored in Forge's encrypted secret KVS and never logged.
2. Where data is stored
All persisted data lives in Forge's per-tenant data stores inside your Atlassian Cloud instance: Forge SQL (1 GiB per install, isolated to your tenant) and Forge KVS (secrets only). We do not operate a separate database. Atlassian is the data processor for everything stored in Forge SQL/KVS.
3. Outbound data transfer
The app makes outbound network calls only to:
- AWS APIs (
*.amazonaws.com) — read-only inventory fetches, signed with your credentials - Resend (
api.resend.com) — to deliver the weekly digest email to the address you configured
No other outbound destinations are reachable; the Forge manifest's egress allowlist enforces this at the platform level.
4. Data retention
Findings, entities, and inventory snapshots are retained for the lifetime of your install, subject to per-category retention windows you configure in Settings → Storage (defaults: pages 90d, snapshots 30d, error logs 14d).
When you uninstall the app, Atlassian deletes all Forge SQL + KVS data within 30 days per Forge platform policy. We retain no copies.
5. Data sharing
We do not sell, rent, or share customer data with third parties. We do not use customer data to train AI/ML models. We do not maintain analytics that aggregate across tenants.
6. Your rights
- Access — every entity, finding, snapshot, and audit row is queryable from the dashboard
- Deletion — uninstalling the app removes all data within 30 days
- Correction — re-running a scan refreshes all derived data
- Portability — JSON export available on request from service@webcorrect.pro
7. Sub-processors
Atlassian — Forge runtime + per-tenant data store.
Amazon Web Services — your own AWS account; we make read-only API calls.
Resend — transactional email delivery.
8. Security
All persisted secrets are stored in Forge's encrypted KVS. AWS credentials never appear in application logs (verified by static analysis). Inbound webtrigger endpoints intended for support tooling are HMAC-authenticated with a 60-second replay window.
9. Children
RunbookGuard is a developer tool sold B2B and is not directed at children under 16.
10. Changes to this policy
We will post any updates to this page and update the Last updated date above. For material changes that reduce your privacy protections, we will additionally notify the digest recipient address on file.
11. Contact
Email: service@webcorrect.pro
Web: https://webcorrect.pro