Privacy Policy
Last updated: June 8, 2026
Overview
Xorent, Inc. ("Xorent", "we", "us", or "our") provides cloud software products for enterprise teams, including XTM — AI Test Management by Xorent ("XTM"), XRR — AI Risk Registry by Xorent ("XRR"), and XTS — AI Timesheet by Xorent ("XTS"). XTM, XRR, and XTS are Atlassian Forge apps for Jira Cloud, each with its own workspace (tm.xorent.com, rr.xorent.com, and ts.xorent.com). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, products, and services.
How this policy is organized
Xorent operates multiple products. Data practices can differ by product—for example, what is stored in Jira worklogs (XTS) versus a risk register (XRR) versus test artifacts (XTM). The sections below describe each product where practices differ. Product-specific privacy summaries may also be published on each product domain. Corporate and shared practices that apply across Xorent are described in the general sections under XTM and at the end of this policy.
XTM — AI Test Management by Xorent
This section applies when you use XTM — AI Test Management by Xorent, including the Forge app in Jira Cloud and the workspace at https://tm.xorent.com. The following subsections describe information collection, use, sharing, retention, and your rights for XTM and Xorent corporate services unless a product-specific section below states otherwise.
Information We Collect
- Account and profile information such as name, work email, company, and role.
- Usage and diagnostic data including logs, telemetry, and feature interaction events.
- Integration data from connected tools (for example Jira, GitHub, or CI systems), as authorized by you.
- Support and communication data, including requests submitted to customer support.
How We Use Information
- To provide, maintain, and improve our platform.
- To secure the service, detect abuse, and prevent fraud.
- To respond to support requests and communicate updates.
- To comply with legal obligations and enforce our terms and policies.
Data Sharing
We do not sell personal information. We may share information with service providers, integration partners you enable, and legal authorities when required by law.
Data Retention and Security
We retain personal information for as long as needed to provide services, meet contractual requirements, and satisfy legal obligations. We maintain administrative, technical, and physical safeguards designed to protect information.
Your Rights
Depending on your location, you may have rights to access, update, delete, or restrict processing of personal information. To submit a request, contact us at privacy@xorent.com.
XTM support and privacy contacts
- Product app: https://tm.xorent.com
- Support: support@xorent.com
XRR — AI Risk Registry by Xorent (Atlassian Forge app)
This section applies when you install or use XRR — AI Risk Registry by Xorent from the Atlassian Marketplace or connect it to your Jira Cloud site. XRR is a risk management service operated by Xorent. The Forge app runs inside Jira; risk register data is processed and stored on Xorent-hosted infrastructure at https://rr.xorent.com unless otherwise agreed in writing.
Information we collect for XRR
In addition to the categories described in the XTM section above, XRR may collect and process:
- Atlassian identity data — Atlassian account ID, display name, and email address when you sign in, connect OAuth, or use the Forge app inside Jira.
- Risk register content — risk entries, assessments, treatments, review history, audit logs, configuration, and metadata you create or import in XRR.
- Jira integration data — Jira issue keys, project keys, issue fields, and related metadata needed to link risks to Jira issues when you enable sync, webhooks, or push/pull features.
- Tenant and licensing data — organization/tenant identifiers, Forge installation IDs, Atlassian cloud site IDs, and Marketplace license status used to provision access and enforce subscriptions.
- Technical and security data — API request logs, authentication events, error diagnostics, and audit records required to operate, secure, and support the service.
We do not sell personal information collected through XRR.
How we use XRR information
We use XRR data to:
- Provide, maintain, and improve risk register features you configure.
- Authenticate users, enforce multi-tenant isolation, and validate Atlassian Marketplace entitlements.
- Synchronize risk data with Jira when you enable integrations.
- Respond to support requests, security incidents, and legal obligations.
Where XRR data is stored
XRR production data is hosted on infrastructure operated by Xorent (including Amazon Web Services in the United States) and, where configured, database services such as Supabase. When you use XRR inside Jira, Atlassian also processes data according to Atlassian's policies and your organization's Atlassian settings.
Security safeguards (XRR)
We protect XRR data using administrative, technical, and organizational measures appropriate to the sensitivity of the information, including encryption in transit (TLS) for connections between Jira, the Forge app, and https://rr.xorent.com; tenant-scoped access controls so each customer's risk register data is isolated; and encryption for sensitive credentials such as integration tokens where stored on our systems. No method of transmission or storage is completely secure; we monitor and improve our safeguards as the service evolves.
Forge app storage (XRR)
The XRR Forge app uses Atlassian Forge app storage to hold site-specific configuration needed to operate the integration—for example your connected API base URL, OAuth-related settings, navigation state, and Forge installation context tied to your Jira site. This data stays within Atlassian's Forge platform for your installation and is used only to connect the in-Jira experience to your XRR workspace. Risk register content itself is stored on Xorent-hosted infrastructure at https://rr.xorent.com, not in Forge app storage.
Data retention (XRR)
We retain XRR customer data for the duration of your subscription and for a reasonable period afterward for backup, dispute resolution, and legal compliance. You may request deletion by contacting us; deletion may be subject to contractual requirements and applicable law.
Your choices (XRR)
Depending on your role and configuration, you may:
- Disconnect Jira OAuth and revoke API tokens from the XRR admin settings in Jira.
- Uninstall the Forge app from Jira Admin → Apps.
- Contact us to access, correct, export, or delete personal data where applicable law provides those rights.
Atlassian Marketplace purchases (XRR)
If you purchase XRR through the Atlassian Marketplace, subscription billing and license management are handled by Atlassian. This Privacy Policy describes how Xorent processes XRR service data; refer to Atlassian's privacy policy for Marketplace checkout, billing, and Atlassian account data.
XRR support and privacy contacts
- Product support: https://rr.xorent.com/support or support@xorent.com
- Privacy requests: privacy@xorent.com
- Security reports: security@xorent.com
For the XRR product-specific privacy summary, see https://rr.xorent.com/privacy.
XTS — AI Timesheet by Xorent (Atlassian Forge app)
This section applies when you install or use XTS — AI Timesheet by Xorent from the Atlassian Marketplace or connect it to your Jira Cloud site. XTS is a time-tracking service operated by Xorent. The Forge app runs inside Jira; time entries are stored as native Jira worklogs, with additional metadata and configuration processed on Xorent-hosted infrastructure at https://ts.xorent.com unless otherwise agreed in writing.
Information we collect for XTS
In addition to the categories described in the XTM section above, XTS may collect and process:
- Atlassian identity data — Atlassian account ID, display name, and email address when you use the Forge app, admin settings, or connected portal features.
- Worklog and timesheet data — hours logged, periods submitted, approval status, billable flags, billing accounts, CapEx/OpEx metadata, and related worklog properties stored in Jira or Forge storage.
- Jira integration data — Jira issue keys, project keys, worklog IDs, and issue fields needed to log time, run approvals, and generate reports.
- Billing and workforce data — team assignments, rate rules, budget configuration, and finance-related exports you enable (for example invoice or accounting CSV output).
- Tenant and licensing data — organization/tenant identifiers, Forge installation IDs, Atlassian cloud site IDs, and Marketplace license status used to provision access and enforce subscriptions.
- Technical and security data — API request logs, authentication events, error diagnostics, and audit records required to operate, secure, and support the service.
We do not sell personal information collected through XTS.
How we use XTS information
We use XTS data to:
- Provide, maintain, and improve timesheet, approval, and reporting features you configure.
- Authenticate users, enforce multi-tenant isolation, and validate Atlassian Marketplace entitlements.
- Store and sync time entries with native Jira worklogs when you log time from issues or the weekly grid.
- Support billing, compliance exports, and AI-assisted pre-fill where enabled by your administrator.
- Respond to support requests, security incidents, and legal obligations.
Where XTS data is stored
Core time entries are stored as native Jira worklogs in your Jira Cloud site. Additional metadata, admin configuration, and portal features may be hosted on infrastructure operated by Xorent (including Amazon Web Services in the United States) and Forge SQL storage. When you use XTS inside Jira, Atlassian also processes data according to Atlassian's policies and your organization's Atlassian settings.
Data retention (XTS)
We retain XTS customer configuration and operational data for the duration of your subscription and for a reasonable period afterward for backup, dispute resolution, and legal compliance. Jira worklog retention follows your Jira site settings and administrator policies. You may request deletion of Xorent-held data by contacting us; deletion may be subject to contractual requirements and applicable law.
Your choices (XTS)
Depending on your role and configuration, you may:
- Adjust timesheet and approval settings from the XTS admin page in Jira.
- Uninstall the Forge app from Jira Admin → Apps.
- Contact us to access, correct, export, or delete personal data where applicable law provides those rights.
Atlassian Marketplace purchases (XTS)
If you purchase XTS through the Atlassian Marketplace, subscription billing and license management are handled by Atlassian. This Privacy Policy describes how Xorent processes XTS service data; refer to Atlassian's privacy policy for Marketplace checkout, billing, and Atlassian account data.
XTS support and privacy contacts
- Product portal: https://ts.xorent.com
- Support: support@xorent.com
- Privacy requests: privacy@xorent.com
- Security reports: security@xorent.com
For the XTS product-specific privacy summary, see https://ts.xorent.com/privacy.
Contact Us
Questions about this Privacy Policy can be sent to privacy@xorent.com. For product-specific inquiries, use the contacts listed in the XTM, XRR, or XTS sections above.