Privacy Policy

Last updated: April 8, 2026 · SaMD Complaint Risk Assessment

Overview

SaMD Complaint Risk Assessment ("the App") is a Jira Cloud app built on Atlassian Forge that performs AI-assisted complaint triage for medical device quality teams. This Privacy Policy explains what data the App processes, how it is used, and where it goes.

The App is provided by Cahill Consulting Group LLC. If you have questions about this policy, contact us at cullom@cahillconsultinggroup.com.

What data is processed

When you run a risk assessment, the App sends two categories of data to Anthropic's API:

1. Issue content (from Jira)

  • Issue title (summary)
  • Issue description
  • Issue comments
  • Reporter name

2. Your product configuration (from Settings)

  • Product name, type, and description
  • User Needs
  • Product Requirements
  • Probability scale labels and descriptions
  • Severity scale labels and descriptions
  • Risk matrix configuration
  • Additional context (if configured)

Configuration data is included in every prompt as context so the AI can assess issues against your specific product. It does not contain personal data unless you choose to include it in your configuration fields.

Why this data is processed

Issue content is sent to a third-party AI provider to perform defect classification and risk scoring — specifically, to determine whether the issue represents a product defect, assess the probability and severity of harm, and produce a final risk level aligned with ISO 14971.

Where issue data goes — Anthropic's API

Issue content is transmitted to Anthropic, PBC via their API at https://api.anthropic.com for processing by Claude, Anthropic's AI model.

The App does not store issue content. After the API call completes and the assessment result is returned to your Jira session, no issue data is retained by the App.

Anthropic's own data retention and privacy policies apply to data processed through their API. For details, see anthropic.com/privacy.

The App uses your organization's own Anthropic API key, which is entered in the App's Settings panel. Cahill Consulting Group LLC does not have access to your API key or to any issue content sent through it.

What IS stored — configuration data only

The App stores only your configuration settings using Atlassian Forge Storage. This includes:

  • Your Anthropic API key
  • Product name, type, and description
  • User Needs and Product Requirements you define
  • Probability and severity scale definitions
  • Risk matrix configuration

This configuration data is stored within the Atlassian platform and is subject to Atlassian's Privacy Policy. Cahill Consulting Group LLC does not access, export, or share this configuration data.

Jira permissions used

Permission         Why it is needed
read:jira-work     Read the issue title, description, and comments submitted to the AI triage pipeline
write:jira-work    Post the completed risk assessment as a formatted comment on the Jira issue (optional feature)
storage:app        Persist your configuration (API key, product requirements, risk matrix) across sessions

Data retention summary

  • Issue content — not retained by this App after the API call completes
  • Configuration data — stored in Atlassian Forge Storage until you uninstall the App or clear your settings
  • Anthropic processing — subject to Anthropic's data retention policies; see anthropic.com/privacy

Your rights (GDPR)

If your organization is based in the European Union or United Kingdom, you may have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to access, correct, or request deletion of personal data. Since the App does not store personal data beyond what Atlassian's platform retains for configuration, most data requests should be directed to Atlassian or Anthropic directly.

For any privacy-related inquiries, contact us at cullom@cahillconsultinggroup.com.

Changes to this policy

We may update this Privacy Policy as the App evolves. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the App after a policy update constitutes acceptance of the revised policy.

Contact

Cahill Consulting Group LLC
cullom@cahillconsultinggroup.com