Bevel
EN Kontakt aufnehmen

Rechtliches

Privacy Policy

How the Bevel Knowledge Base collects, uses, and protects data. This policy is provided in English.

This privacy policy explains how the Bevel Knowledge Base and the products and integrations around it — the web application (e.g. unite.bevel.software), the AI assistant, the source-system connectors, and the Atlassian (Jira/Confluence) app — collect, use, and protect data, and what your rights are in relation to it.

Latest update: 10 June 2026

What the Bevel Knowledge Base is

The Bevel Knowledge Base is a single, version-controlled source of truth that consolidates process and product knowledge from across an organisation. Authorised users read and edit knowledge-base content through a web application and, optionally, directly inside Atlassian Jira via the "Bevel Knowledge Base" app. An AI assistant helps maintain the knowledge base, and connectors keep it in sync with the organisation's existing systems (such as Confluence, Jira, and SharePoint).

Summary

Data we collect

  • Identity and account data (email and name) from shared-password sign-in or "Sign in with Microsoft", and — for the Jira app — your Atlassian account ID, email, and display name.
  • Knowledge-base content you create or edit, chat messages and prompts you submit to the AI assistant, and files you upload.
  • Content read from the organisation's connected source systems (Confluence, Jira, SharePoint) to build and maintain the knowledge base, via service-account integrations configured by the Owner.
  • For the Jira app: the text of the issue description (to detect knowledge-base reference markers) and your Atlassian account details.
  • Technical data: a JSON Web Token stored in your browser, and server-side system logs.

Trusted third parties that help us process it

  • OpenAI, L.L.C. — generative AI inference for the assistant.
  • Microsoft Ireland Operations Limited / Microsoft Corporation — "Sign in with Microsoft" (Microsoft Entra ID) and SharePoint content access via Microsoft Graph.
  • Atlassian Pty Ltd / Atlassian B.V. — Confluence and Jira as knowledge sources, and the hosting environment for the Jira app (Atlassian Forge).
  • GitHub, Inc. — hosts the Git repository in which the knowledge base is stored and version-controlled.
  • Serper LLC (serper.dev) — web search performed by the assistant.
  • Hetzner Online GmbH — application hosting and database (deployed via self-hosted Coolify).

Owner and Data Controller

Bevelites GmbH
Schleissheimerstrasse 188
80797 Munich, Germany

Owner contact email: [email protected]

Types of Data we collect

  • Identity and account data — email address and name. When you use "Sign in with Microsoft", this comes from your Microsoft account. When you use the Jira app, this includes your Atlassian account ID, email address, and display name.
  • User-generated content — the knowledge-base nodes and sections you create or edit, the chat messages and prompts you submit to the AI assistant, and files you upload. Edits are recorded as version-controlled changes attributed to you.
  • Connected-system data — content read from the organisation's source systems (Confluence, Jira, SharePoint) to build and maintain the knowledge base. These integrations use single-tenant service credentials configured server-side by the Owner; individual users do not authorise them and no per-user credentials are stored. This content may include personal data contained in those source systems (for example, the names of document authors or ticket assignees).
  • Jira app data — when a knowledge-base section is embedded in a Jira issue, the issue's description text is read to find the reference marker, and your Atlassian account details are used to authenticate you and to attribute any edits you make.
  • Technical data — a JSON Web Token with a 7-day expiry, stored in your browser's localStorage to maintain your sign-in; server-side system logs.
  • Usage Data — as defined below, collected automatically when using the Application.

Unless specified otherwise, all Data requested by this Application is mandatory, and failure to provide it may make it impossible for the Application to provide its services. Users are responsible for any third-party Personal Data obtained, published, or shared through this Application — in particular content imported from connected source systems.

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of the Data. Communication with the Application is secured via TLS, authenticated via 7-day JSON Web Tokens, and access is restricted to identities explicitly allowed by the Owner. Write access to knowledge-base content is governed by per-path access controls. Data processing is carried out using computers and IT-enabled tools, following organisational procedures strictly related to the purposes indicated.

Place

Data is processed at the Owner's operating offices in Munich, Germany, and at the operating locations of the third-party processors listed in this policy. Depending on a User's location, data transfers may involve transferring the User's Data to a country other than their own. Where Personal Data is transferred outside the European Economic Area, the Owner relies on Standard Contractual Clauses (SCCs) and the EU–U.S. Data Privacy Framework where applicable.

Retention time

  • Account data — retained for the duration of the User's account. Deletion can be requested by contacting the Owner and is typically completed within 30 days.
  • Knowledge-base content — stored in a version-controlled Git repository; prior versions are retained in the repository's history to support change tracking and recovery.
  • Chat threads and uploaded files — retained until deleted via the in-application controls.
  • Account links (mapping an Atlassian account to a knowledge-base user for the Jira app) — retained until the link is removed or the account is deleted.
  • System logs — retained per the hosting platform's default log retention.

The purposes of processing

Data concerning the User is collected to allow the Owner to provide its Service, comply with legal obligations, protect its rights and interests, detect malicious or fraudulent activity, and for the following purposes:

  • Registration and authentication
  • Knowledge-base storage, editing, and version control
  • AI-assisted maintenance (generative inference)
  • Integration with the organisation's source systems
  • Embedding and editing knowledge-base content within Atlassian Jira
  • Web search
  • Platform services and hosting

Detailed information on the processing of Personal Data

Registration and authentication

Shared-password and "Sign in with Microsoft" — Microsoft Ireland Operations Limited

Generative AI inference

OpenAI API — OpenAI, L.L.C.

  • Place of processing: United States.
  • Personal Data processed: prompt text, conversation history, and knowledge-base content passed as context to produce responses.
  • Data submitted via the OpenAI API is governed by OpenAI's API data-usage terms and is not used to train OpenAI's models.
  • Privacy Policy: https://openai.com/policies/privacy-policy

Source-system integration

These integrations read content from the organisation's existing systems to build and maintain the knowledge base. They use service credentials configured server-side by the Owner; individual users do not authorise them and no per-user credentials are stored.

Microsoft Graph (SharePoint) — Microsoft Ireland Operations Limited

  • Place of processing: European Union and the United States.
  • Personal Data processed: document and site content read from the SharePoint tenant configured by the Owner, which may include personal data contained in those documents.
  • Privacy Policy: https://privacy.microsoft.com/privacystatement

Atlassian Confluence & Jira — Atlassian Pty Ltd

  • Place of processing: European Union and the United States.
  • Personal Data processed: page, issue, and project content read from the Atlassian site configured by the Owner, which may include personal data such as author or assignee names.
  • Privacy Policy: https://www.atlassian.com/legal/privacy-policy

Atlassian Jira app (embedding & editing)

Atlassian Forge — Atlassian Pty Ltd

  • The "Bevel Knowledge Base" app runs on Atlassian's Forge platform. When the panel is opened on a Jira issue, it reads that issue's description text to detect a knowledge-base reference, and uses your Atlassian account ID, email, and display name to authenticate you and attribute any edits.
  • Requested Jira scopes: read access to Jira issues and user details, and Forge app storage (to remember this site's knowledge-base address).
  • Privacy Policy: https://www.atlassian.com/legal/privacy-policy

Knowledge-base storage and version control

GitHub — GitHub, Inc.

  • Place of processing: United States.
  • Personal Data processed: knowledge-base content and the change history, including the name/email used to attribute each change.
  • Privacy Policy: GitHub Privacy Statement

Web search

Serper.dev — Serper LLC

  • Place of processing: United States.
  • Personal Data processed: search query strings generated by the AI assistant during a session.
  • Privacy Policy: https://serper.dev/privacy

Platform services and hosting

Hetzner Online GmbH

  • Place of processing: Germany.
  • Personal Data processed: all Application data described above (database storage, file storage, server logs).
  • The Application is deployed onto Bevelites GmbH's own servers using Coolify, a self-hosted deployment platform that runs entirely on those servers.
  • Privacy Policy: https://www.hetzner.com/legal/privacy-policy/

Cookie Policy

This Application does not set tracking cookies. Authentication uses a JSON Web Token with a 7-day expiry, stored in the User's browser localStorage and cleared upon sign-out.

Further Information for Users in the European Union

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies: Users have given consent for one or more specific purposes; provision of Data is necessary for the performance of an agreement with the User or for pre-contractual obligations; processing is necessary for compliance with a legal obligation; or processing is necessary for the purposes of the legitimate interests pursued by the Owner or a third party.

The rights of Users under the GDPR

Users may, to the extent permitted by law: withdraw consent at any time; object to processing of their Data; access their Data; verify and seek rectification; restrict processing; have their Personal Data deleted; receive their Data and have it transferred to another controller; and lodge a complaint with their competent data protection authority. The Owner's lead supervisory authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

How to exercise these rights

Any request to exercise User rights can be directed to the Owner at [email protected]. Such requests are free of charge and will be answered as early as possible and always within one month. Within the Application, Users can self-serve the deletion of individual chat threads and uploaded files using the in-app controls.

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (system logs) or use other Personal Data (such as the IP address) for this purpose.

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed below.

Definitions and legal references

Personal Data (or Data) — Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.

Usage Data — Information collected automatically through this Application (or third-party services employed in it), which can include: IP addresses or domain names, URI addresses, the time of the request, the method used to submit the request, the size of the response, the status code, the country of origin, the browser and operating system features, and other parameters about the device and the User's IT environment.

User — The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Controller (or Owner) — The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; unless otherwise specified, the Owner of this Application.

Data Processor (or Processor) — The natural or legal person which processes Personal Data on behalf of the Controller.

This Application — The means by which the Personal Data of the User is collected and processed.

This document was last updated on 10 June 2026.