Data Security and Privacy Statement

This statement relates to Risk Register for Jira Server and its Cloud-based variant, Risk Register for Jira Cloud. It does not cover this website, nor the ProjectBalm Support website.

What data do we store?

Risk Register for Jira Server does not exfiltrate any of your data from the machine that hosts Jira Server. All data are stored in the database management system that you have configured Jira Server to use.

Risk Register for Jira Cloud stores the following information on the ProjectBalm server:

  • identifying key for the Jira Cloud instance that hosts Risk Register
  • base URL of the Jira Cloud instance
  • Support Entitlement Number (SEN) of the Jira Cloud instance
  • version of the Jira Cloud instance
  • version of the add-on framework running in the Jira Cloud instance
  • OAuth 2.0 client ID for Risk Register
  • status of the Risk Register add-on in the Jira Cloud instance
  • risk model definitions (names, id, and description of model elements)
  • project specific items:
    • the numeric project ID (e.g. 10701)
    • the numeric ID of the issue type representing risks (e.g. 10100)
    • the name of the risk register

ProjectBalm does not store the keys, names, or any other details of the risks you record in Risk Register, nor do we store your risk assessments (impact and probability indications). All such data remain in your Jira Cloud instance.

For troubleshooting purposes, Risk Register for Jira Cloud stores technical logs for a period of up to 30 days.

Where is the data stored?

The data that ProjectBalm does store on your behalf resides on a secure server in Frankfurt, Germany. ProjectBalm's database is not exposed to the Internet directly, residing in an network-isolated environment to which only the Risk Register application and its administrators have access.

People and access

Only authorized ProjectBalm staff have access to the logs and database-stored data.


ProjectBalm regularly backs up the data stored by Risk Register for Jira Cloud. The security protections around those backups are at least as comprehensive as the protections around the live database.


ProjectBalm understands the importance of ensuring the privacy of your personally identifiable information. We store data in our database only as a direct consequence of the operation of the Risk Register for Jira Cloud add-on, and only for that purpose. We will not sell or release those data to anyone, except that, if compelled disclose them by law, we will comply with such orders.

Service Exit

When a customer deinstalls ProjectBalm, we automatically sanitize all of our computing resources of any tenant data.