Docs

Appearance

Privacy Policy

Effective Date: March 2026 Provider: Norda (norda.is) Product: Clarento — Digital Asset Manager for Atlassian Jira & Confluence

1. Introduction

This Privacy Policy explains how Norda ("we", "us", "our") collects, uses, and protects information when you use Clarento, a cloud-hosted digital asset management application that runs on Atlassian Forge.

We are committed to protecting your privacy and handling your data transparently and responsibly.

2. Information We Collect

2.1 Information from Atlassian

When you install Clarento on your Atlassian site, we receive:

  • Atlassian Account ID — a unique identifier for each user (we do not receive your email, name, or password)
  • Site information — your Atlassian Cloud site identifier

2.2 Information You Provide

When you use Clarento, you may provide:

  • Asset files — images, videos, documents, and fonts you upload
  • Asset metadata — names, descriptions, tags, and other information you enter
  • Collections — collection names, descriptions, and sharing settings
  • Brand portal content — brand guidelines, colors, typography, and logos
  • Storage configuration — Supabase connection credentials

2.3 Information Generated Automatically

  • AI-generated metadata — when AI features are enabled, auto-generated tags, descriptions, and extracted text (OCR)
  • Usage data — Atlassian Forge runtime logs (managed by Atlassian, not stored by Norda)

3. How We Use Information

We use the information collected to:

  • Provide and operate the Clarento application
  • Store and manage your digital assets
  • Generate AI-powered tags and descriptions (when enabled)
  • Share collections and brand portals as configured by you
  • Provide customer support
  • Improve and maintain the service

We do not use your data for advertising, profiling, or selling to third parties.

4. Where Data Is Stored

Data TypeLocationProvider
App configurationAtlassian Cloud (your region)Atlassian Forge KVS
Asset metadataCustomer-configured regionSupabase
Asset filesCustomer-configured regionSupabase Storage
AI processingUSAnthropic

Important: Your asset files and metadata are stored in your own Supabase project, which you control. Norda does not have access to your Supabase credentials or data outside of the Forge application runtime.

5. Third-Party Services

Clarento integrates with the following third-party services:

Atlassian Forge

Clarento runs on Atlassian Forge. Your use of Forge is governed by Atlassian's Privacy Policy.

Supabase

Asset files and metadata are stored in your Supabase project. Your use of Supabase is governed by Supabase's Privacy Policy.

Anthropic

When AI features are enabled (auto-tagging, OCR, descriptions), image data is sent to Anthropic's API for processing. Anthropic does not retain submitted data for training purposes per their data policy. You can disable AI features at any time.

6. Data Sharing

We do not sell, rent, or trade your personal information.

We may share information only in the following circumstances:

  • With your consent — when you explicitly share collections or brand portals publicly
  • Service providers — with third-party services listed above, as necessary to operate Clarento
  • Legal requirements — if required by law, regulation, or legal process
  • Business transfers — in connection with a merger, acquisition, or sale of assets (with prior notice)

7. Data Retention

  • Asset files and metadata are retained in your Supabase project for as long as you maintain them. We do not independently store copies.
  • Forge KVS data (app configuration) is retained while the app is installed and automatically deleted by Atlassian upon uninstallation.
  • AI processing is transient — images are sent to Anthropic for analysis and not retained after processing.
  • Support correspondence is retained for up to 2 years after resolution.

8. Your Rights

You have the right to:

  • Access — request a copy of your data
  • Correction — update or correct your information
  • Deletion — request deletion of your data
  • Export — export your assets and metadata from Clarento
  • Restrict processing — disable AI features or limit data processing
  • Withdraw consent — uninstall Clarento at any time

To exercise any of these rights, contact us at norda@norda.is.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data in transit is encrypted via TLS/HTTPS
  • Asset metadata is encrypted at rest in Supabase PostgreSQL
  • Supabase storage credentials are encrypted at rest in Atlassian Forge KVS
  • No customer data is stored on Norda's own infrastructure
  • We will notify affected customers within 72 hours of discovering a data breach

10. Children's Privacy

Clarento is a business application and is not directed at children under 16. We do not knowingly collect information from children.

11. International Transfers

Data may be processed in jurisdictions outside your country, including:

  • Atlassian Forge — processed in your Atlassian Cloud region
  • Supabase — processed in your chosen Supabase region
  • Anthropic — processed in the United States (AI features only)

Where data is transferred internationally, we rely on the data protection measures provided by each service provider.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by:

  • Posting a notice in the Clarento application
  • Updating the "Effective Date" at the top of this page

Continued use of Clarento after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or requests:

Emailnorda@norda.is
AddressSuðurlandsbraut 10, 108 Reykjavík, Iceland
Phone+354 503 0303

Last updated: March 2026

Built by Norda

Copyright © 2026 Norda (norda.is)