Effective date: 31 Mar 2026
Last updated: 31 Mar 2026

This policy explains how AOBRAIN SYSTEMS SL uses AI model infrastructure for EpicStory in Jira Cloud, how data is handled in AI workflows, and what controls apply in our current operating mode.

This policy is operational guidance and product disclosure. It is not legal advice.

1. Scope

This policy applies to EpicStory AI generation and regeneration features in Jira Cloud, including:

• Forge resolver and queue-based generation flows
• AWS Bedrock inference calls used by the production path
• Telemetry and observability related to AI operations

2. Current model provider posture

For the current production path, EpicStory uses AWS Bedrock for model inference.

• Primary integration path: Jira Forge -> EpicStory resolvers/consumers -> AWS Bedrock
• Processing location can vary by tenant region, configured endpoint routing, and platform/runtime behavior
• Available endpoint coverage currently includes EU and US Bedrock runtime endpoints

EpicStory should not be understood as a strict same-region-as-Jira or single-country processing service based on current public routing disclosures alone.

If processing occurs outside the EEA, applicable transfer safeguards are addressed in our Privacy Policy and DPA.

3. Data sent for AI processing

Depending on feature usage, generation requests may include:

• Jira epic/issue text needed to generate draft stories and subtasks
• User prompt instructions and selected item context for regeneration
• Technical request metadata required for operation and reliability

EpicStory is designed to send only the data needed for the requested generation task.

4. Training and model improvement

AOBRAIN does not intentionally use customer Jira content to train public AI models.

Model-provider processing terms are handled under applicable provider and contractual frameworks.

5. Human review and output limitations

AI output is generated content and may contain mistakes, omissions, or irrelevant suggestions.

Customers are responsible for human review before publishing generated work items to Jira projects.

EpicStory provides AI-generated drafts and workflow assistance. It is not presented as an autonomous decision-maker, security reviewer, or legal/compliance reviewer.

6. Logging and telemetry

EpicStory supports external observability controls.

In the current operating mode used for Marketplace review alignment:

• External logging and telemetry may be enabled
• Operational metadata, usage metrics, and technical error information can be sent to approved observability tooling
• We apply controls to reduce unnecessary exposure of sensitive content

Application telemetry is designed to exclude Jira issue text, prompts, descriptions, comments, and generated output content.

Telemetry and logging behavior can change with deployment/runtime settings. Public policy text is updated when material behavior changes.

7. Retention and deletion

Retention periods vary by data class (application storage, telemetry, support, and legal obligations).

Authoritative retention and processing commitments are described in:

• Privacy Policy
• Data Processing Addendum (DPA)

8. Security and governance posture

EpicStory is designed with controls for:

• encrypted transport and secure infrastructure defaults
• access-controlled operational workflows
• auditability and change-tracking for product operations

Claims about certifications or legal compliance status are provided only where evidence is available and current.

9. Related documents

• Privacy Policy
• Data Processing Addendum
• Terms of Service

10. Contact

For AI data handling or privacy questions:

• privacy@aobrain.com
• security@aobrain.com