Privacy policy

At Mission H LLC ("Mission H," "we," "us") we consider the privacy and the security of personal data to be extremely important.

We process personal data in connection with the use of Mission H's website, services, software, and all other products and services (all of the foregoing collectively, the "Services"), including but not limited to the Riffle application for Atlassian Confluence.

In this Privacy Policy, we describe how we process personal data of the following data subjects:

  • our customers, their end users and representatives,

  • website users,

  • email or newsletter subscribers,

  • potential customers.

This Privacy Policy covers information collected through the Services, on our website www.trusthumankind.org or other websites administered by Mission H where the Privacy Policy is placed (the "Site") and in other sources.

The Privacy Policy is incorporated by reference into our Terms of Service. Any terms used herein and not defined will have the meanings given to them in the Terms of Service. By using the Services, you hereby warrant and represent that you have read, understand and agree to this Privacy Policy and the Terms of Service and that you are over 18 years of age. PLEASE DO NOT USE, INSTALL OR ACCESS THE SERVICES IF YOU DO NOT AGREE TO THIS PRIVACY POLICY.

We have no direct relationship with your end users or any person other than you, and for that reason, you are responsible for making sure that your end users and any other representatives comply with this Privacy Policy and that you have the appropriate permission and legal basis for us to collect and process information about those individuals.

If you have any questions or suggestions concerning our privacy practices, please email us at privacy@trusthumankind.org. Please also send us an email if you would like to request data access or deletion, or to exercise other rights as a data subject.

How We Collect Personal Data

What personal data we collect depends largely on the interaction that takes place between you and Mission H, most of which can be categorized under the following:

  • When you use Mission H's Services. When you or your end users use Mission H's Services, including the Riffle application, we process content from your Atlassian Confluence instance that you have configured for synchronization, as well as account details and configuration data provided by you. We also process content from third-party integrations that you choose to link to the Services, such as GitHub repositories.

  • When you send us emails or message us. When we receive emails or messages from you or your end users, we can store the content of such emails, including attachments as well as your or your end user's contact details.

  • When you submit forms on the Site. When you complete forms on the Site (contact us, subscription, demo request, etc.) we collect your contact details and information you complete in the form.

  • When you use the Site. When you use the Site, we collect certain information, as described in more detail below that may, alone or in combination with other information, constitute personal data (e.g. cookie files).

What Types of Personal Data We Process

Information You Provide To Us

We collect and process the following personal data that you or your end users provide to us:

  • Customer account details. To create or update your account and provide the Services, we collect information about you and your organization. This includes name, email, and any other information you decide to provide.

  • Personal data within User Content. As you use our Services, you may include in content that is configured for synchronization personal data you have collected from your users, employees, customers, prospective customers or other individuals. We process this data only on your behalf as our customer. We have no direct relationship with any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission and legal basis for us to collect and process information about those individuals.

  • Financial information. Payments for the Services are processed through the Atlassian Marketplace. We do not directly collect or store credit card details or payment information. Atlassian handles all billing on our behalf.

  • Contact details and business data. We receive information about our customers and potential customers for cooperation and communication purposes. This includes full name, title, company, email or other contact details as may be necessary.

  • Configuration data. When you configure the Riffle application, we store settings including GitHub repository names, authentication credentials (encrypted), synchronization preferences, and page-to-file mapping manifests. This data is stored within Atlassian's Forge platform infrastructure and is scoped to your Confluence instance.

  • Requests, messages and submitted forms details. We receive and process your or your end users' messages, support requests, emails and information you share with us via online forms or other support channels. This includes the content of such communications as well as your contact details if any.

We ask that you not provide or disclose to us any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Services or otherwise. You are responsible for making sure that your end users do not provide or disclose to us any sensitive personal data on or through the Services, within any User Content or otherwise.

Automatically Collected Information

Most of the data we collect in and through the Site and the Services is technical in nature and is collected and processed automatically. Alone or in combination with other data, such automatically collected data may constitute personal data. The data we may collect by automated means may include, without limitation:

  • Usage data: including, but not limited to, pages viewed and features used within the Riffle application.

  • Network and internet information: including, but not limited to, Internet Protocol addresses and location information.

  • Information we collect on the use of the Site via cookies: please see the "How We Use Cookies and Other Technologies" section below for more information.

Information You Share on Third Party Websites or through Social Media Services

The Services may include links to third party websites and social media services. Your use of these third party websites and social media services may result in the collection or sharing of information about you by these third party websites and social media services. We encourage you to review the privacy policies and settings on the third party websites and social media services with which you interact.

For Which Purposes We Use Personal Data

We collect and process your or your end users' personal data for the following purposes:

  • To operate the Services: We use personal data to enter into the agreement with you as a customer and operate, maintain and administer your use of the Services, as well as to communicate with you regarding the Services (sending announcements, technical notices, updates, security alerts, and support and administrative messages) and to respond to Service-related requests, questions and feedback.

  • To improve our Services: We process your and your end users' usage data to understand how you use our Services and Site, including to monitor usage patterns and to analyze trends and develop new products, services, features and functionality in reliance on our legitimate interests. WE DO NOT USE YOUR CONTENT DATA TO TRAIN ANY MACHINE LEARNING MODELS OR OTHER MODELS WHERE YOUR DATA COULD BE EXPOSED TO THIRD PARTIES.

  • To communicate with you and inform you about the Services. If you request information from us, register for the Services, or participate in our surveys, we may send you Mission H-related marketing communications if permitted by law. In all such communications, we will provide you with the possibility to opt-out.

  • To comply with law. We use your or your end users' personal data as necessary to comply with applicable laws, including legal processes or audits, to respond to subpoenas or legally binding requests from government authorities.

  • For compliance and safety. We use your or your end users' personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Use Cookies and Other Technologies

Some of the features on the Site require the use of "cookies" — small text files that are stored on your device's hard drive. We use cookies to measure which pages are being accessed, and which features are most frequently used. This enables us to continuously improve the Site and Services to meet the needs of our visitors.

Note: The Riffle application itself runs within Atlassian's Forge platform and does not independently set cookies. Any cookies related to the Confluence interface are managed by Atlassian.

How We Share Personal Data

We do not sell your data or your end users' data to third parties for commercial or advertising purposes. We share your data and your end users' data as described in this Privacy Policy or upon obtaining your consent for such data sharing.

We disclose personal data to third parties under the following circumstances:

  • Service Providers. We employ third-party platforms and services to help us with performance of the Services. Specifically, the Riffle application operates on the Atlassian Forge platform, and synchronizes content with GitHub. These third parties process data in accordance with their own privacy policies and the terms of our agreements with them.

  • Professional Advisors. We may disclose your or your end users' personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

  • Third-party Applications and Integrations. For the provision of the Services we receive and share data with third-party integrations that you choose to link to the Services, specifically your GitHub repositories. Content synchronized to GitHub is subject to GitHub's privacy policy and your repository's access controls.

  • Business Transfers. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of Mission H (or its assets) will continue to have the right to use your and your end users' personal data and other information in accordance with the terms of this Privacy Policy.

  • Compliance with Laws and Law Enforcement. Mission H may disclose information about you or your end users to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

Your Data Protection Rights & Choices

You have the following rights:

  • If you wish to access your personal data that Mission H collects, you can do so at any time by contacting us.

  • You can also contact us to update, correct or delete information in your account.

  • If you are in the European Economic Area ("EEA"), the UK, or Switzerland, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data where it is technically possible.

  • Similarly, if you are in the EEA, the UK, or Switzerland, and provided we have collected and processed your personal data under your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on other lawful processing grounds.

  • You have the right to complain to a data protection authority about our collection and use of your personal data.

You may submit your request by sending an email to privacy@trusthumankind.org. We will respond to all requests in accordance with applicable data protection laws.

Access to Data Controlled by our Customers. We don't have any direct relationships with customers' end users. An individual end user who seeks access, or who seeks to correct, amend, or delete personal data processed in the Services by our customers should direct their request to the customer directly.

Data Transfers

Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, including in the United States.

By accepting the terms of this Privacy Policy, you acknowledge and agree to (1) the transfer to and processing of personal data on servers located outside of the country where you reside and (2) our collection and use of your or your end users' personal data as described herein and in accordance with the data protection laws of the countries in which we have facilities or in which we engage service providers, which may be different and may be less protective than those in your country.

Data Storage and Retention

The Riffle application stores configuration and synchronization state data within Atlassian's Forge Key-Value Store (KVS), which runs within Atlassian's managed infrastructure and is scoped to your Confluence instance. Mission H does not maintain any external database or server for the purpose of storing your data.

Content synchronized by the Services is transmitted to and stored in GitHub repositories that you configure. This content is subject to GitHub's privacy policy and your own repository access controls.

Uninstalling Riffle removes all configuration and synchronization state data from Forge KVS. Markdown files previously committed to GitHub remain in your repository under your control and can be deleted at your discretion.

Children's Information

We believe it is important to provide added protection for children online. The Site and/or the Services are not intended for use by anyone under the age of 18, nor does Mission H knowingly collect or solicit personal data from anyone under the age of 18.

If you are under 18, you may not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we confirm that we have collected personal data from someone under the age of 18 without verification of parental consent, we will delete that information promptly.

Security

Safeguarding Your Information

We take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data.

Specifically, the Riffle application:

  • Stores authentication credentials using Atlassian Forge's encrypted secret storage.

  • Uses short-lived GitHub App installation tokens (1-hour expiry) with RS256-signed JWTs where applicable.

  • Verifies webhook signatures using HMAC-SHA256 to prevent unauthorized triggers.

  • Communicates exclusively over HTTPS for all API interactions.

Despite these efforts, we cannot guarantee the security of personal data during its transmission or its storage in our systems. While we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third parties from illegally obtaining access to personal data.

Notice of Breach of Security

If a security breach causes an unauthorized intrusion into our system that materially affects you or your end users, then we will notify you as soon as possible and later report the action we took in response.

Legal Basis for Processing Your Personal Data (EEA Visitors/Customers Only)

If you are a person located in the EEA or the UK, our legal basis for collecting and using the personal data described above will depend on the purpose of processing and personal data concerned:

  • We process data to perform a contract with you on use of the Services (Art. 6(1)(b) of the GDPR or UK GDPR);

  • We also process data based on our legitimate interest (Art. 6(1)(f) of the GDPR or UK GDPR) in the following cases: to communicate with you and inform about our Services; to comply with the law we are subject to; to negotiate, enter and perform agreements; for compliance and safety.

  • We process some types of cookie files based on your consent (Art. 6(1)(a) of the GDPR or UK GDPR).

For California Residents

If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding how we disclosed your personal data to third parties for such parties' direct marketing purposes during the preceding calendar year. To request the above information, please contact us at privacy@trusthumankind.org.

We do not sell, and have not in the prior 12 months sold, Personal Information (as defined in the California Data Protection Laws) about California residents.

You have the right to:

  • Request to know the categories and specific pieces of personal data we have collected about you.

  • Request deletion of any personal data about you that we have collected.

  • Designate an authorized agent to make requests on your behalf.

You may submit your request by contacting us at privacy@trusthumankind.org. We will respond to your request within 45 calendar days of receipt.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When personal data is no longer necessary, we will delete or anonymize it.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Last updated: March 21, 2026