BoomiSight Data Handling Disclosure
Last updated: 2026-06-02 Owner: BoomiSight Product and Security Applies to app: BoomiSight for Confluence Review cadence: Quarterly and before Marketplace submission Status: Publication-ready for Marketplace submission
Data Categories
Section titled “Data Categories”| Data category | Examples | Source | Storage | Retention |
|---|---|---|---|---|
| Space configuration | Boomi account ID, Boomi username, sync interval, dataset flags | Confluence space admin | Forge app storage | Until changed or app uninstalled |
| Credential material | Boomi API token | Confluence space admin | Forge secret storage | Until rotated, removed, or app uninstalled |
| Cached Boomi operational data | Environments, Atoms, environment attachments, deployed packages, component metadata, deployment history, execution records, API/APIM metadata where available, connector inventory | Customer-configured Boomi account | Forge app storage | Replaced by refreshes and cleared when auth context changes |
| Macro configuration | Selected process, runtime, environment, API, date window, display label, and source URL values | Confluence author | Confluence macro configuration | Follows Confluence page retention |
| Operational diagnostics | Feature-probe status, failure class, timestamps, cache freshness | BoomiSight runtime | Forge app storage and operational logs | Used for support and deleted/rotated according to operational policy |
Processing Notes
Section titled “Processing Notes”BoomiSight is designed for per-space configuration. One Confluence space can connect to a different Boomi account or enable different datasets than another space. The app does not intentionally store Boomi API token values outside Forge secret storage.
APIM data is optional enrichment. If the configured Boomi identity cannot read APIM objects, BoomiSight continues to use core runtime and deployment data where available and reports reduced feature readiness.
Minimization Controls
Section titled “Minimization Controls”- The app stores the Boomi username needed for customer-configured API access.
- Tokens are stored in Forge-managed secret storage, not in general app configuration storage.
- Configuration changes that affect Boomi auth clear runtime caches for the space.
- Boomi API response caches are bounded so the app stores only the operational data needed for configured views.
- The app does not collect Atlassian user API tokens.
Data Subject and Deletion Requests
Section titled “Data Subject and Deletion Requests”Requests can be sent to [email protected] or [email protected]. For customer-controlled Boomi content, the customer remains responsible for source-system correction and deletion. Flowdence can support removal of BoomiSight configuration, secrets, and cached snapshots from Forge storage.
Data Handling Assurance
Section titled “Data Handling Assurance”| Area | Public assurance |
|---|---|
| Configuration and credentials | Space configuration and Boomi credentials are stored in Forge-managed services, with credentials protected as secrets. |
| Cache lifecycle | Cached Boomi operational data is refreshed, replaced, or cleared when configuration changes affect the Boomi authentication context. |
| Boomi REST access | BoomiSight sends configured requests to the Boomi REST API endpoint needed to display customer-selected operational data. |
| Atlassian data | BoomiSight does not intentionally collect Atlassian user API tokens and uses Confluence context only as needed to provide configured app features. |