Security & data
This is the operational view for admins: what WikiFix touches in your Confluence, what it keeps, and what it doesn’t. The formal claims — jurisdiction, encryption, subprocessors, what we don’t have yet — live on the security page; this page summarizes and links rather than restates.
What WikiFix reads
Pages in the spaces a report scopes, fetched read-only through Atlassian’s Forge platform at scan time. Scans read with the app’s own access — the access your Confluence admin grants WikiFix at install — not with the report creator’s personal permissions. Two things bound what a scan can reach: the spaces selected in the report (a scan never fetches outside them), and the app’s authorization itself, which admins grant at install and can restrict further with Atlassian’s app access controls. The scope list is public in the Forge manifest on the Marketplace listing.
What’s stored vs. processed transiently
Processed transiently: the full text of scanned pages. Pages are fetched, chunked, and analyzed during a scan run; WikiFix does not keep a full copy of your wiki.
Stored: the working set WikiFix needs to do its job —
- a derived index (chunk embeddings) used to spot related passages,
- the short excerpts behind each finding, so a finding stays readable after the page changes,
- report and run history — kept in WikiFix’s own database and shown in the app, not written into your Confluence — and the credit ledger.
All of it is stored and processed in AWS Frankfurt (eu-central-1). The AI step on the default setup runs via AWS Bedrock and stays in the EU, and your content is never used to train AI models; see the security page for the contractual detail. The one exception you opt into yourself: if you add your own Anthropic API key, the AI step is sent to Anthropic’s API under your account and your agreement with Anthropic — see Credits & capacity.
We’re completing a pre-launch data audit (what every subsystem stores vs. processes transiently). If the audit changes anything on this page, the page changes with it.
What WikiFix writes
Nothing, until you click:
- Apply writes the chosen fix to the disagreeing pages — as the approving user, visible in page history, revertable in one click. For a departed-owner finding, Apply updates the page’s owner instead of its text.
- Notify posts a comment on the page, anchored to the passage in question.
WikiFix creates no pages in your Confluence — scan results live in WikiFix, not in your wiki.
On uninstall
Comments WikiFix posted stay in your Confluence — they’re ordinary comments, and you can delete them like any comment. Server-side, WikiFix marks the installation removed and retains your data so a re-install picks up exactly where you left off; if you want it removed instead, email security@wikifix.ai.
The formal version
Encryption in transit and at rest, tenant isolation, subprocessor list, DPA, what we don’t have yet (and when we will) — all on the security page. The short privacy policy covers the same ground from the data-subject side. Anything unclear: security@wikifix.ai.