Protty

Atlassian Cloud apps for better workflows

Welcome to Protty

Protty builds Forge apps for Jira Cloud that help teams work smarter. Each app focuses on a specific workflow improvement — simple, reliable, and easy to adopt.

Our Apps

Contact

Questions or feedback? or email support@prottyapps.com.

Jira Cloud

IssueMerge

IssueMerge helps teams consolidate duplicate or related Jira issues. Copy selected content from one or more sources into a target issue, link them, optionally close or delete sources, and keep a full audit trail of every merge.

Try free on Marketplace

See it in action

A short walkthrough of the full merge workflow — search, options, preview, and confirm.

IssueMerge demo — merge workflow from start to finish
IssueMerge merge wizard with issue search
merge-wizard.png Full merge wizard open from the issue action menu, showing issue search and the current issue as target.
The merge wizard — search for issues and configure your merge

Where to find it

  • Issue panel — right sidebar on any issue for quick access
  • Issue action — action menu → IssueMerge for the full merge wizard
  • Admin settings — Settings → Apps → IssueMerge → Configure
  • Project settings — Project settings → IssueMerge for merge profiles and analytics
IssueMerge in the issue right sidebar
issue-panel.png Issue view with the IssueMerge panel visible in the right sidebar.
Issue panel
IssueMerge in the issue action menu
issue-action-menu.png Issue action menu (⋯) open with IssueMerge listed as an action.
Issue action menu

Quick start

  1. Open an issue and launch IssueMerge.
  2. Search and select the issue(s) to merge with.
  3. Choose direction — merge others into this issue, or this issue into a target.
  4. Pick what to copy, link, close, or delete, then review the preview.
  5. Confirm the merge.
IssueMerge preview before confirming a merge
merge-preview.png Merge preview screen showing what will be copied, linked, and changed before you confirm.
Preview — review everything before you merge

Key capabilities

  • Copy comments, attachments, descriptions, and supported custom fields
  • Create duplicate issue links and merge existing links onto the target
  • Reparent sub-tasks, merge watchers and votes
  • Add summary comments on both source and target issues
  • Close or delete the source issue after merging
  • Sync future comments from the target back to the source
  • Bulk merge — combine multiple issues into one target at once
  • Jira Service Management — customer notifications, participant merge, and JSM-aware comment handling

For administrators

  • Control cross-project merges and optional project allowlists
  • Set default merge options per project or issue type with merge profiles
  • View audit logs and merge analytics (last 90 days by default)
IssueMerge site analytics on the admin page
site-analytics.png Admin page showing site-wide merge analytics — summary stats and charts.
Site analytics for administrators
IssueMerge

Privacy Policy

Last updated: July 3, 2026

Protty ("we", "us", or "our") builds apps and plugins for Atlassian products. This Privacy Policy explains how we collect, use, store, and share information when you visit our website or use our apps, including IssueMerge for Jira Cloud.

If you have questions, contact us at: support@prottyapps.com

1. Who we are

This policy applies to:

2. Scope

This policy covers personal data and other information processed by Protty apps installed on your Atlassian Cloud site. It does not cover Atlassian's own privacy practices. Please also review Atlassian's Privacy Policy.

3. Information we process

3.1 Website visitors

If you visit our website, we may collect:

  • Basic technical data (IP address, browser type, pages visited)
  • Information you submit through contact or support forms (name, email, message)

We use this only to operate the website, respond to inquiries, and improve our services.

3.2 IssueMerge app users

When you use IssueMerge on Jira Cloud, the app may process:

Jira issue data

  • Issue keys, summaries, descriptions, statuses, types, and project keys
  • Comments, attachments, custom fields, links, watchers, voters, and related metadata needed to perform merges

User information

  • Atlassian account IDs and display names of users who perform merges or change settings
  • User picker / multi-user custom field values when those fields are merged

Jira Service Management data (if applicable)

  • Service desk request data needed to merge requests or post portal comments

App configuration and operational data (stored in Forge encrypted app storage)

  • Site-wide merge policy settings (e.g. cross-project merge rules and project allowlists)
  • Per-project settings and merge profiles
  • Audit log entries (merge actions, settings changes, timestamps, outcomes)
  • Aggregated merge analytics derived from audit log data
  • Comment-sync state used to avoid duplicate processing

4. How we use information

We use the information above to:

  • Provide, operate, and maintain IssueMerge
  • Perform issue merges requested by authorized users
  • Enforce admin-configured merge policies
  • Record audit logs and analytics for administrators
  • Sync comments when configured
  • Provide customer support
  • Improve reliability, security, and performance
  • Comply with legal obligations

We do not sell personal data.

5. Legal bases for processing (EEA/UK users)

Where GDPR applies, we process personal data on the following bases:

  • Contract / legitimate interest of the customer: to provide the app to your organization
  • Legitimate interests: security, fraud prevention, service improvement, and support
  • Legal obligation: where required by law

Your organization (the Atlassian site administrator) decides whether to install and use our apps.

6. Where data is stored

IssueMerge runs on the Atlassian Forge platform. Data stored by the app is kept in Forge encrypted app storage associated with your Atlassian Cloud site. Jira issue data remains in your Atlassian Cloud environment except when you export or otherwise move data outside Jira through normal Jira functionality.

7. Third-party services

IssueMerge relies on Atlassian to host Jira Cloud and the Forge platform. Atlassian processes data as needed to deliver Jira and Forge functionality. Atlassian's own privacy terms apply to their services.

8. Data retention

  • Audit logs: stored in app storage, limited to the most recent entries (currently up to 500)
  • Merge policy and settings: retained until changed or the app is uninstalled
  • Website contact inquiries: retained as long as needed to respond and for reasonable business records

When the app is uninstalled from a site, Forge app storage for that installation is removed according to Atlassian's platform policies.

9. Security

We use industry-standard measures appropriate to our apps, including:

  • Processing data through Atlassian Forge's secure runtime
  • Using Forge encrypted app storage
  • Limiting data access to what is required for app functionality

No method of transmission or storage is 100% secure, but we work to protect information we process.

10. Your rights

Depending on your location, you may have rights to:

  • Access personal data we process about you
  • Request correction or deletion
  • Object to or restrict certain processing
  • Data portability
  • Lodge a complaint with a supervisory authority

Important: For data stored in your organization's Jira site, your Atlassian site administrator is usually the first contact. We will assist administrators and respond to direct requests where we are the data controller (e.g. website inquiries).

To exercise your rights, email support@prottyapps.com.

11. International transfers

If you are outside the country where our service providers operate, your information may be processed in other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

12. Children's privacy

Our services are intended for business use and are not directed at children under 16. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the "Last updated" date. Material changes may also be communicated through our website or app listing.

14. App-specific notes — IssueMerge

Permissions used:

  • Read/write Jira work items — to search, read, and merge issues
  • Read Jira users — to show who performed actions in audit logs
  • Read/write Jira Service Management requests — for JSM merge workflows
  • App storage — for settings, audit logs, and operational state

Administrator controls:

  • Jira admins can configure merge policies and view audit logs
  • Uninstalling the app removes app storage for that site

15. Contact us

IssueMerge

Terms of Service

Last updated: July 3, 2026

These Terms of Service ("Terms") govern your access to and use of IssueMerge (the "App"), a Jira Cloud application that helps teams consolidate duplicate issues. The App is provided by Protty ("we," "us," or "our").

By installing, configuring, or using the App, you agree to these Terms on behalf of yourself and, if applicable, the organization that authorizes your use (the "Customer"). If you do not agree, do not install or use the App.

Important: This document is a template tailored to IssueMerge's functionality. It is not legal advice. Have a qualified attorney review and customize it for your jurisdiction, business model, and compliance obligations before publishing.

1. The Service

IssueMerge is a Forge app for Atlassian Jira Cloud that allows authorized users to:

  • Search for and merge Jira issues, including copying selected content such as comments, attachments, descriptions, and supported custom fields
  • Create duplicate issue links and merge summary comments
  • Configure merge policies, including optional cross-project merge restrictions
  • View merge analytics and audit logs within the App

The App operates within your Jira Cloud site and uses Atlassian's Forge platform.

2. Eligibility and Authorization

2.1. You must have a valid Jira Cloud site and the authority to install and use marketplace or custom apps on that site.

2.2. Installation and certain configuration actions require Jira administrator privileges. You represent that anyone who installs or configures the App on your behalf is authorized to do so.

2.3. You are responsible for ensuring that end users who use the App have appropriate Jira permissions to view, edit, link, and comment on the issues they access through the App.

3. Customer Responsibilities

You agree to:

  • Use the App only in compliance with these Terms, applicable law, and your agreements with Atlassian
  • Maintain control over who may install, configure, and use the App within your organization
  • Review merge actions before confirming them, especially when merging across projects or copying sensitive data
  • Ensure that use of the App complies with your internal policies and any obligations you owe to data subjects or third parties

You are solely responsible for the content, configuration, and outcomes of merge operations performed through the App.

4. Permissions and Data Processing

4.1 Jira permissions

To function, the App requests Forge permissions including, but not limited to:

  • Reading and writing Jira work items
  • Reading Jira user information
  • Reading and writing Jira Service Management requests, where applicable
  • Using Forge app storage

The App only performs actions that an authenticated user initiates or that are required to deliver configured features (for example, comment synchronization triggers). The App does not bypass Jira permission checks for end-user actions.

4.2 Data accessed and modified

When you use the App, it may access, process, and modify Jira issue data such as summaries, descriptions, comments, attachments, custom fields, links, watchers, votes, participants, and related metadata necessary to perform merges, analytics, and audit logging.

The App may store configuration data, audit log entries, analytics aggregates, and similar operational data in Forge app storage associated with your Jira site.

4.3 Audit logs

The App may maintain an audit log of merge activity and certain administrative changes. Audit logs are retained for a limited period and may be trimmed automatically. You should not rely on the App as your sole record-keeping or compliance system.

4.4 Privacy

Our handling of personal data is described in our . These Terms should be read together with that policy.

5. Acceptable Use

You may not use the App to:

  • Violate law, regulation, or third-party rights
  • Merge, copy, or expose data you are not authorized to access
  • Attempt to interfere with, disrupt, reverse engineer, or circumvent the App, Forge, or Jira
  • Use the App in a manner that could harm, overload, or impair our systems or those of Atlassian or other third parties
  • Misrepresent the source or integrity of merged issue content

We may investigate suspected violations and may suspend or terminate access where reasonably necessary to protect the App, users, or third parties.

6. Third-Party Services

The App depends on Atlassian Jira Cloud and Forge for hosting, authentication, APIs, and app runtime. Your use of those services is subject to their own terms, privacy policies, and acceptable use rules. We are not responsible for third-party services and do not control their availability, security, or performance. Outages or changes to Atlassian services may affect the App.

7. Intellectual Property

7.1. We retain all rights, title, and interest in and to the App, including software, branding, documentation, and related intellectual property, except for components licensed to you under applicable open-source licenses identified in the project.

7.2. You retain all rights to your Jira data and content. You grant us the limited rights necessary to provide, secure, maintain, and improve the App, including processing Jira data as described in these Terms and our Privacy Policy.

7.3. You may not copy, modify, distribute, sell, lease, or create derivative works of the App except as expressly permitted by applicable law or a separate written agreement with us.

8. Beta and Experimental Features

We may offer features labeled beta, preview, experimental, or similar. Such features are provided as is, may change or be withdrawn at any time, and may be less reliable than generally available functionality.

9. Disclaimers

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE APP IS PROVIDED "AS IS" AND "AS AVAILABLE."

WE DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

WITHOUT LIMITING THE FOREGOING, WE DO NOT WARRANT THAT:

  • THE APP WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE
  • MERGE OPERATIONS WILL PRESERVE ALL ISSUE DATA, FORMATTING, ATTACHMENTS, CUSTOM FIELDS, OR WORKFLOW STATE
  • THE APP WILL MEET YOUR LEGAL, REGULATORY, OR INTERNAL COMPLIANCE REQUIREMENTS

YOU ARE RESPONSIBLE FOR REVIEWING MERGE RESULTS, MAINTAINING BACKUPS WHERE APPROPRIATE, AND USING THE APP IN A MANNER CONSISTENT WITH YOUR ORGANIZATION'S GOVERNANCE REQUIREMENTS.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

10.1. WE WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITY, ARISING OUT OF OR RELATED TO THE APP OR THESE TERMS, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.2. OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THE APP OR THESE TERMS WILL NOT EXCEED THE GREATER OF:

  • (A) THE AMOUNTS YOU PAID US FOR THE APP IN THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR
  • (B) USD $100

Some jurisdictions do not allow certain limitations of liability, so some of the above may not apply to you.

11. Indemnification

You will defend, indemnify, and hold harmless us and our affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Your use of the App
  • Your Jira data or merge operations
  • Your breach of these Terms
  • Your violation of law or third-party rights

12. Suspension and Termination

12.1. You may stop using the App at any time by uninstalling it from your Jira site.

12.2. We may suspend or terminate access to the App, in whole or in part, if:

  • You materially breach these Terms
  • We are required to do so by law or by Atlassian
  • Continued provision would create risk or burden that is unreasonable

12.3. Upon termination, your right to use the App ends immediately. Sections that by their nature should survive termination will survive, including intellectual property, disclaimers, limitation of liability, indemnification, and governing law.

12.4. Uninstalling the App may not automatically delete data previously written to Jira issues or data retained in Forge app storage. You are responsible for managing retained data in accordance with your policies and Atlassian's documentation.

13. Changes to the App or Terms

13.1. We may update the App from time to time, including adding, modifying, or removing features.

13.2. We may revise these Terms by posting an updated version with a new "Last updated" date. Material changes will be communicated through reasonable means, such as release notes, in-app notice, or documentation. Continued use of the App after the effective date of revised Terms constitutes acceptance, except where applicable law requires a different process.

14. Export and Sanctions Compliance

You represent that you are not located in, under the control of, or a national or resident of any country or person subject to applicable trade sanctions or export restrictions, and that you will not use the App in violation of export control or sanctions laws.

15. Governing Law and Disputes

These Terms are governed by the laws of Bulgaria, without regard to conflict-of-law principles, except where mandatory consumer protection laws provide otherwise.

Any dispute arising out of or relating to these Terms or the App will be resolved in the courts located in Sofia, Bulgaria, and you consent to their exclusive jurisdiction, except where applicable law requires a different forum.

16. General

16.1. Entire agreement. These Terms, together with the Privacy Policy and any order or marketplace listing terms that apply to paid versions of the App, constitute the entire agreement regarding the App.

16.2. Assignment. You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of assets.

16.3. Severability. If any provision is held unenforceable, the remaining provisions remain in effect.

16.4. No waiver. Failure to enforce a provision is not a waiver of our right to do so later.

16.5. Force majeure. We are not liable for delays or failures caused by events beyond our reasonable control, including outages of Atlassian or internet infrastructure.

17. Contact

If you have questions about these Terms, contact us at:

Marketplace-Specific Notice (Atlassian Marketplace)

If you obtain IssueMerge through the Atlassian Marketplace, your use is also subject to Atlassian's applicable marketplace terms and policies. In the event of a conflict between these Terms and Atlassian's terms solely with respect to billing, distribution, or marketplace operations, Atlassian's terms control for those matters.

IssueMerge

Security Policy

Last updated: July 3, 2026

IssueMerge ("App," "we," "us") is a Jira Cloud application that helps teams consolidate duplicate issues. This Security Policy describes how we protect the App, the data it processes, and how customers and security researchers can report vulnerabilities.

Important: This document is tailored to IssueMerge's functionality and architecture. It is not legal advice. Have a qualified attorney review it before publishing, especially if you operate in regulated industries or jurisdictions with specific security disclosure requirements.

1. Scope

This policy applies to the IssueMerge Forge app distributed through the Atlassian Marketplace and related support communications about security.

It does not govern the security of Atlassian's own products or infrastructure. Jira Cloud site security, authentication, and platform operations are the responsibility of Atlassian. See Atlassian Trust and Atlassian's Privacy Policy.

For how we handle personal data, see our .

2. Architecture Overview

IssueMerge is built on Atlassian Forge. Core App functionality runs within Atlassian's managed runtime. We do not operate separate application servers that store or process Jira issue content outside Forge.

Key architectural properties:

  • No user-supplied credentials. The App does not ask end users to provide Atlassian Personal Access Tokens (PATs), account passwords, API keys, or other shared secrets.
  • Scoped OAuth permissions. The App accesses Jira only through permissions granted at install time and enforced by Forge.
  • On-platform processing. Duplicate suggestions use TF-IDF ranking and project vocabulary stored in Forge app storage. Issue metadata is not sent to external AI or third-party analytics services for core functionality.
  • Forge app storage only. Configuration, audit logs, analytics, and suggestion data are stored in storage:app, isolated per Jira site.

3. Permissions and Least Privilege

IssueMerge requests only the Forge scopes required to deliver its features:

Scope Purpose
read:jira-work Read issues, comments, attachments, fields, and links for merge preview and execution
write:jira-work Copy content, update fields, transition or delete source issues, create links
write:jira-work (impersonation) Perform merge actions as the invoking user so Jira permission checks apply correctly
read:jira-user Resolve user display names for audit log entries and analytics
read:servicedesk-request Read JSM request data for service desk merge previews
write:servicedesk-request Notify customers and update JSM fields during service desk merges
storage:app Persist merge policies, profiles, audit log, analytics, and suggestion settings

We review scopes during development and remove any that are not strictly necessary.

4. Data Handling and Storage

4.1 Jira issue data

Jira issue content is accessed transiently to perform merges and previews requested by authorized users. It is not copied to external databases operated by Protty. Changes are written back to Jira through the Forge API.

4.2 Data stored in Forge app storage

The App stores limited operational data per Jira site, including:

  • Merge policy and profile settings
  • Audit log entries (actor, timestamp, action summary)
  • Aggregated merge analytics
  • Duplicate suggestion preferences and learned project vocabulary

Audit log entries are retained up to 500 per site and trimmed automatically. Configuration data is retained while the App remains installed.

4.3 Data location

Data is processed according to Atlassian Forge infrastructure and your Jira Cloud site's data residency settings. We do not transfer Jira content to Protty-operated servers for core App functionality.

5. Security Controls

We apply technical and organizational measures appropriate to the App's scope, including:

  • Forge authentication and authorization — All API calls run in the Forge runtime with site-scoped context.
  • Least-privilege design — Features are gated by Jira permissions; merge actions respect the invoking user's access rights.
  • No external secret storage — The App does not persist customer credentials or PATs.
  • Licensed-only triggers — Background comment-sync triggers run only when the App is licensed.
  • Dependency management — Third-party packages are kept up to date through regular maintenance.
  • Secure development practices — Changes are reviewed before production deployment via forge deploy.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

6. Reporting a Security Vulnerability

If you believe you have found a security vulnerability in IssueMerge, please report it responsibly.

Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Affected App version or environment, if known
  • Your contact information (optional, but helpful for follow-up)

What we ask:

  • Do not access, modify, or delete data belonging to other customers.
  • Do not perform denial-of-service, social engineering, or physical attacks against Atlassian or Protty infrastructure.
  • Allow reasonable time for us to investigate and remediate before public disclosure.

Our commitment:

  • We aim to acknowledge reports within 2 business days.
  • We will work to assess severity and provide status updates as investigation progresses.
  • We will not pursue legal action against researchers who report vulnerabilities in good faith and follow this policy.

If the vulnerability is in Atlassian's platform rather than IssueMerge application logic, we may ask you to report it through Atlassian's security bug bounty program or their coordinated disclosure process.

7. Incident Response

If we become aware of a security incident affecting IssueMerge customers, we will:

  1. Investigate and contain the issue
  2. Notify affected customers and Atlassian where required by law or contractual obligations
  3. Remediate the root cause and deploy fixes through Forge
  4. Document lessons learned and improve controls where appropriate

Customers should also follow their own incident response procedures and contact their Jira administrator for site-level concerns.

8. Customer Responsibilities

Customers are responsible for:

  • Controlling who can install and configure the App in their Jira site
  • Managing Jira user permissions and merge policies appropriate to their organization
  • Reviewing merge actions before confirming them
  • Uninstalling the App when it is no longer needed
  • Reporting suspected security issues to us promptly

9. Compliance

IssueMerge does not currently hold independent compliance certifications (such as SOC 2 or ISO 27001). The App relies on Atlassian Forge for hosting and platform security controls.

For privacy-related rights and data processing details, see our .

10. Changes to This Policy

We may update this Security Policy from time to time. We will post the revised version with an updated "Last updated" date. Material changes may also be communicated through the Marketplace listing or release notes.

11. Contact

Loading documentation…

Contact Us

Have a question about IssueMerge or Protty? Fill out the form below and we'll get back to you.

Prefer email? support@prottyapps.com