Privacy
Policy.
1. Controller
Verdaro Labs (Inh. Burak Erol)
Margaretenstr. 11, 10317 Berlin, Germany
Email: support@verdarolabs.com
Phone: +49 30 81309146
2. What this policy covers
This Privacy Policy applies to verdarolabs.com (this informational website), contact/support requests submitted through Verdaro Labs channels, and Verdaro Labs Atlassian Marketplace apps where this policy is linked.
3. The short version
- No analytics, no ads, no tracking.
- No marketing cookies, no profiling.
- Fonts are served locally.
- Basic technical logs may be processed to operate the site securely.
4. Hosting and technical logs
This website is hosted by a provider with infrastructure located within the EU/EEA.
When you access the website, the hosting provider may process technical information required to deliver the site and protect it ("server logs"), such as:
- IP address
- date/time of access
- requested page/file
- browser/operating system information
- referrer URL (if provided)
- status/error codes
Purpose: website delivery, stability, and security (e.g., preventing abuse).
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Retention: only as long as necessary for security and troubleshooting.
Important scope note: This applies only to this website. It does not mean client systems or Atlassian environments are hosted there.
5. Cookies, analytics, and third-party services
Verdaro Labs does not use:
- analytics (e.g., Google Analytics)
- advertising or tracking pixels
- fingerprinting
- marketing cookies
Fonts are delivered locally from this website (no requests to third-party font providers).
Form delivery and spam protection (contact form): The contact form is delivered and processed by Web3Forms, a form-backend service that transmits your submission to Verdaro Labs by email and applies automated spam filtering (including a hidden honeypot field and server-side checks) to confirm that the submission is not automated. When you submit the form, the details you enter together with technical signals from your browser (e.g. IP address and user-agent) are processed by Web3Forms to deliver your message and filter spam. No analytics or advertising profile is built from this check.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contract) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries and preventing spam and abuse of the contact form).
Transfers: Web3Forms may process the submission on infrastructure outside the EU/EEA; where this is the case, such transfers are subject to appropriate safeguards under the provider's data processing terms.
More information: https://web3forms.com/privacy.
If further third-party services are added in the future (e.g., a scheduling tool), this policy will be updated before they are enabled.
6. Contact and support
Contact form and email: If you use the contact form or email Verdaro Labs directly, the data you provide (e.g. name, work email, company, the products you use, and your message) is processed to respond to your enquiry and, where applicable, to take pre-contractual steps.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contract) and/or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).
Mandatory fields are marked with an asterisk; without them your request cannot be processed. All other information is optional.
Retention: only as long as needed to handle your request and meet legal retention obligations (e.g. § 257 HGB, § 147 AO where applicable).
Atlassian app support portal: For app support, Verdaro Labs links to its Jira Service Management portal:
https://verdarolabs.atlassian.net/servicedesk/customer/portal/1
If you submit a request there, Atlassian Pty Ltd acts as a processor on behalf of Verdaro Labs under a data processing agreement (Art. 28 GDPR). Atlassian processes personal data under its own privacy information and sub-processor list.
7. Atlassian Marketplace apps
Where Verdaro Labs provides an Atlassian Marketplace app, the app runs in Atlassian Cloud/Forge unless stated otherwise for a specific app. Atlassian provides the hosting and platform infrastructure for Forge apps.
For Secret Notes for Jira & JSM, the app processes data required to provide the app functionality, such as Atlassian site/tenant identifiers, Jira issue or JSM request references, note titles, creator and audience metadata (for example account IDs, display names, selected users/groups), expiry/status metadata, reveal/revoke/audit metadata, and technical counters/limits used for abuse prevention and reliability.
Secret note plaintext is stored in the Atlassian Forge Secret Store and is not intentionally written to Jira fields, Jira/JSM comments, issue/request properties, normal Forge KVS metadata, logs, analytics, or external Verdaro Labs servers. The app does not use external telemetry or advertising trackers.
Purpose: providing the app, enforcing reveal/revoke permissions, maintaining auditability, preventing abuse, handling support, and complying with Atlassian Marketplace or legal obligations.
Legal basis: Art. 6(1)(b) GDPR where processing is necessary for contract performance or pre-contractual steps, and/or Art. 6(1)(f) GDPR for secure operation, support, fraud/abuse prevention, and service improvement.
Retention: app data is retained only as long as needed for the app functionality and applicable operational/legal obligations. App lifecycle controls may delete or expire secrets according to their configured policy. For Secret Notes, app data is also designed to be purged on app uninstall, subject to Atlassian platform behavior and backup/retention mechanisms outside Verdaro Labs' direct control.
Important security boundary: when a user reveals or copies a secret, that user is responsible for handling the plaintext securely. Clipboard contents may be stored or synchronized by the user's operating system, browser, or third-party clipboard tools outside the app's control.
8. Your rights
You have the right to request access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests (Art. 15–21 GDPR).
To exercise your rights, contact: support@verdarolabs.com
9. Complaints
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for Verdaro Labs' place of business is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
www.datenschutz-berlin.de
10. Updates
This policy may be updated if the website changes. The "Last updated" date reflects the current version.