Privacy Policy

Effective Date: May 29, 2025
Last Updated: April 5, 2026

1. Scope

This Privacy Policy describes how the ClearSpecs AI Azure DevOps Extension ("ClearSpecs AI," the "Extension," "we," "us," or "our") processes information when the Extension is used within Azure DevOps.

This policy applies to the Extension, its related backend services, and related operational services used to provide AI features, licensing, telemetry, and subscription management. It does not replace the privacy terms, notices, or commitments of Azure DevOps, Microsoft, OpenAI, Stripe, or any other third-party platform or service provider.

2. Information We Process

2.1 Azure DevOps Content You Choose To Process

When you use AI-powered features, the Extension may process Azure DevOps content that you choose to submit, including:

  • work item titles
  • descriptions
  • acceptance criteria
  • repro steps
  • tags, state, priority, severity, story points, assignee information, and related work item context
  • chat or prompt text that you provide
  • selected project context, including project name and work item types

This information is used to generate, summarize, or analyze work item content and related conversations.

2.2 Organization, Account, And Configuration Information

We may process organization and configuration information needed to operate the Extension, including:

  • Azure DevOps organization identifiers and organization name
  • organization URL
  • extension configuration values used for licensing and access control
  • custom prompts created and managed within the Extension
  • subscription and billing identifiers associated with an organization

2.3 User And Activity Information

As currently implemented, the Extension and related services may process user and activity information such as:

  • Azure DevOps user ID
  • display name
  • email or login name when made available by Azure DevOps to the Extension
  • timestamps of activity
  • product usage events
  • request type, model used, token counts, estimated cost, processing time, success or failure state, and related operational metadata
  • error and diagnostic information

2.4 Telemetry And Diagnostics

We may collect telemetry and diagnostic information to operate, maintain, and improve the Extension. As currently implemented, telemetry may include organization-level context and event properties associated with product usage or errors. Telemetry collected through third-party monitoring tools is not necessarily anonymous.

3. How Information Is Collected

We collect information from the following sources:

  • directly from your use of the Extension and its user interface
  • from Azure DevOps services and SDK APIs made available to the Extension
  • from requests sent from the Extension to our backend services
  • from service providers involved in AI generation, monitoring, hosting, or subscription management

4. How We Use Information

We use the information described in this policy to:

  • provide AI-assisted generation, summarization, chat, and work item insights
  • process prompts and work item context submitted through the Extension
  • return generated output for your review before you decide whether to save it in Azure DevOps
  • manage custom prompts and configuration data
  • validate licenses, manage trials, and enforce service access controls
  • operate subscription and billing workflows
  • maintain usage statistics, request logs, and operational records
  • monitor performance, diagnose failures, and improve reliability
  • detect abuse, unauthorized use, or service issues
  • comply with applicable legal obligations and enforce our terms

5. Where Information Is Stored

5.1 Azure DevOps Extension Data

As currently implemented, certain Extension-managed data is stored using Azure DevOps Extension Data services, including:

  • custom prompts
  • license-related configuration stored by the Extension for organization use

5.2 Backend Operational Databases And Services

Our FJAN IT-controlled backend operational and business systems process and store data from Germany. These systems may store operational and business records, including:

  • organization records
  • subscription and billing-related records
  • daily usage records
  • request logs
  • organization user activity records

These records may include organization identifiers, user identifiers, optional user email or display name fields, timestamps, model and usage metadata, cost information, status data, and error information.

5.3 Azure DevOps

Generated content is not written back to Azure DevOps until a user approves the action that saves or updates the relevant work item. Azure DevOps remains responsible for data stored in your Azure DevOps environment.

5.4 Third-Party Service Providers

The Extension also depends on third-party platforms and service providers such as Microsoft, OpenAI, Microsoft Application Insights, and Stripe. Those providers may process or store data in jurisdictions outside Germany and outside your own jurisdiction, according to their own infrastructure, terms, and privacy notices.

6. AI Processing

When you use AI features, selected work item data, prompts, message history, or related project context may be sent through our backend services to OpenAI in order to generate or summarize content. This processing is necessary for the AI features of the Extension to function.

As currently implemented, work item content used for AI processing passes through our services for request handling and may be included in prompt payloads sent to OpenAI. We utilize OpenAI's API services. According to OpenAI's published API data controls, customer content submitted through the API is not used to train or improve OpenAI models unless the customer explicitly opts in to share that data with OpenAI.

OpenAI also states that API usage may still generate abuse-monitoring logs that can include prompts, responses, and related metadata, and that such logs may be retained for up to 30 days by default unless different approved data controls apply. Our current implementation does not state or guarantee that OpenAI processing is limited to Germany or to a specific EU-only regional OpenAI endpoint.

7. Disclosures To Third Parties And Service Providers

We may disclose or make information available to third parties and service providers that help us operate the Extension, including:

  • Azure DevOps / Microsoft: to host the Extension, provide Azure DevOps APIs, and store Extension-managed data through Azure DevOps services
  • OpenAI: to process prompts, work item content, summaries, chat messages, and related AI request data
  • Microsoft Application Insights: to collect telemetry, monitoring, and diagnostics data
  • Stripe: to support subscription, checkout, billing portal, customer, and payment-related workflows

We do not sell Customer Content or personal data submitted through the Extension to unrelated third parties for their own marketing purposes.

We may also disclose information if required by law, regulation, legal process, or to protect the rights, safety, and security of users, customers, the Extension, or the public, or to investigate fraud, abuse, or security issues affecting the service.

8. Retention

We retain information for as long as reasonably necessary to operate the Extension, maintain service functionality, support billing and licensing, investigate issues, enforce terms, or satisfy legal or operational requirements.

As currently implemented, the repository does not define a single public retention schedule for all categories of stored information. Different categories of data may be retained for different periods depending on where they are stored and how they are used.

9. Security

We use technical and organizational measures intended to protect information processed by the Extension and related services. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

This policy does not make any representation that all data categories are encrypted at rest, that any particular certification is maintained, or that any specific audit, monitoring, or response timeframe applies unless separately stated by contract or service documentation.

10. Your Choices And Requests

Depending on your relationship with the organization using the Extension and applicable law, you may have the ability to:

  • choose what work item data or prompts you submit for AI processing
  • review generated content before saving it back to Azure DevOps
  • revoke or stop using the Extension through Azure DevOps
  • request information about configuration, prompt, or operational data associated with your organization
  • request deletion of data that we control, subject to technical, contractual, operational, billing, security, or legal constraints
  • request access to, correction of, or restriction of certain personal data that we control
  • object to certain processing or request data portability where available under applicable law

Requests relating to information stored in Azure DevOps or managed by Microsoft may also require action through Azure DevOps or the relevant Microsoft service.

If you make a privacy request to us, we may ask for information reasonably necessary to verify the request and to confirm the relationship between the requester, the relevant Azure DevOps organization, and the data at issue. Some requests may need to be handled by the customer organization that uses the Extension or by the relevant third-party platform provider.

11. Children's Privacy

The Extension is intended for business and professional use and is not directed to children. We do not knowingly design the Extension for use by children under 13.

12. International And Third-Party Processing

FJAN IT-controlled backend services for the Extension operate from Germany, but the Extension also depends on third-party platforms and service providers that may process information in jurisdictions different from your own and different from Germany. This may include international transfers or remote access by service providers where necessary to provide AI processing, telemetry, hosting, billing, support, monitoring, or security functions.

The handling of information by those third parties is governed by their own terms, privacy notices, and data processing practices. This Privacy Policy does not make a blanket representation that all processing occurs in one country, that all providers offer the same retention periods, or that all third-party processing is subject to the same legal regime.

13. Changes To This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document. Material changes may also be communicated through the channels we use to support and distribute the Extension.

14. Contact

If you have questions about this Privacy Policy or requests related to data processed by the Extension, please contact us at [email protected] or through the Azure DevOps Marketplace listing for ClearSpecs AI.


This Privacy Policy is specific to the ClearSpecs AI Azure DevOps Extension and related services made available for that Extension.