Data Security and Privacy Statement

This statement relates to Risk Register for Jira Server and its Cloud-based variant, Risk Register for Jira Cloud. It does not cover this website, nor the ProjectBalm Support website.

What data do we store?

Risk Register for Jira Server does not exfiltrate any of your data from the machine that hosts Jira Server. All data are stored in the database management system that you have configured Jira Server to use.

Risk Register for Jira Cloud stores the following information on its own server:

  • Non-personal data identifying your Jira Cloud instance; and
  • Records of the risk registers that you create, including the names that you give to the risk registers, and the keys of projects associated with them; and 
  • The preferences and settings that you choose.

ProjectBalm does not store the keys, names, or any other details of the risks you record in Risk Register, nor do we store your risk assessments (impact and probability indications). All such data remain in your Jira Cloud instance.

For troubleshooting purposes, Risk Register for Jira Cloud stores technical logs for a period of up to 30 days.

Where is the data stored?

The data that ProjectBalm does store on your behalf resides on a secure server in Los Angeles, USA. ProjectBalm's database is not exposed to the Internet directly, residing in an network-isolated environment to which only the Risk Register application and its administrators have access.

People and access

Only authorized ProjectBalm staff have access to the logs and database-stored data.


ProjectBalm regularly backs up the data stored by Risk Register for Jira Cloud. The security protections around those backups are at least as comprehensive as the protections around the live database.


ProjectBalm understands the importance of ensuring the privacy of your personally identifiable information. We store data in our database only as a direct consequence of the operation of the Risk Register for Jira Cloud add-on, and only for that purpose. We will not sell or release those data to anyone, except that, if compelled disclose them by law, we will comply with such orders.