QR Hub for Confluence

QR Hub for Confluence
Trust Centre

Overview

QR Hub for Confluence is built to be the most privacy-respecting QR tool available on the Atlassian Marketplace. This page describes how the app handles data, what permissions it requests and why, and the infrastructure it runs on.

🔒 QR Hub for Confluence requests no write access of any kind. It cannot create, edit, or delete any content in your Confluence instance.

Data handling

What data does QR Hub access?

QR Hub reads three pieces of metadata to populate the content action modal: the page title, space name, content type and version, and the author display name. This data is displayed to the user in the modal UI and is never transmitted outside Atlassian’s infrastructure.

What data does QR Hub store?

None. QR Hub for Confluence has no persistent storage. No URLs, no page metadata, no user information, and no QR codes are stored anywhere — inside or outside Atlassian.

Is QR code generation client-side?

Yes. QR codes are generated entirely within the Atlassian Forge frontend runtime. The URL used to generate the QR code is never sent to any external server. No third-party QR generation API is used.

Does QR Hub use analytics or tracking?

No. QR Hub contains no analytics, no telemetry, no crash reporting, and no usage tracking of any kind.

Permissions & Scopes

QR Hub for Confluence requests the minimum permissions required to display page metadata in the content action modal. All scopes are read-only.

Scope Why it is needed
read:page:confluence Fetch the page title, content type, and version for the content action modal metadata display.
read:space:confluence Fetch the space name for the content action modal metadata display.
read:confluence-user Fetch the author display name for the content action modal metadata display.

✅ No write scopes are requested. QR Hub cannot create, edit, delete, or publish any content in Confluence. Ever.

Infrastructure

QR Hub for Confluence runs entirely on Atlassian Forge, Atlassian’s native cloud app platform. This means:

  • All app code executes within Atlassian’s sandboxed runtime.
  • No external servers, no custom backend, no third-party cloud services.
  • Data never leaves Atlassian’s infrastructure at any point.
  • App updates are distributed through the Atlassian Marketplace with no action required from administrators.

Compliance

  • GDPR — No personal data is stored or transmitted. The author display name is read briefly to render the UI and is never persisted.
  • SOC 2 — Inherited from Atlassian Forge’s infrastructure. Atlassian holds SOC 2 Type II certification.
  • Atlassian Cloud Security — QR Hub is subject to Atlassian’s Marketplace security review process.

Contact

Security concerns, questions about data handling, or trust inquiries can be sent directly to Agilva Solutions. Contact us here and we will respond within one business day.