Customer audit data lives in Forge SQL, using the app's Atlassian-hosted MySQL database for each installation. This app does not persist customer audit data in any external service, remote, or separate database.
The frontend stores only two UI preference flags in browser localStorage to control panel visibility in the operations UI.
Exports are generated from Forge functions and then downloaded in the browser as a local file. The app does not store a separate exported copy after generation.
CommentLedger stores one audit row per captured comment event. Audit events are written as new rows rather than updates to prior audit rows. Audit rows may still be removed later by configured retention policy.
By default, the app keeps all audit history until an administrator changes the retention policy.
Comments are stored as normalized text. When Jira sends Atlassian Document Format content, the app stores extracted readable text rather than the full original ADF document. Links, mentions, emoji, status text, lists, tables, and upload filenames are flattened into text for audit display and export.
Architecture
Where customer data lives
Customer audit data lives in Forge SQL, using the app's Atlassian-hosted MySQL database for each installation. This app does not persist customer audit data in any external service, remote, or separate database.
The frontend stores only two UI preference flags in browser localStorage to control panel visibility in the operations UI.
Exports are generated from Forge functions and then downloaded in the browser as a local file. The app does not store a separate exported copy after generation.
What data is stored
Append-only audit history
CommentLedger stores one audit row per captured comment event. Audit events are written as new rows rather than updates to prior audit rows. Audit rows may still be removed later by configured retention policy.
By default, the app keeps all audit history until an administrator changes the retention policy.
Comments are stored as normalized text. When Jira sends Atlassian Document Format content, the app stores extracted readable text rather than the full original ADF document. Links, mentions, emoji, status text, lists, tables, and upload filenames are flattened into text for audit display and export.
Latest known comment state
CommentLedger also stores the latest known state for each comment so the app can detect duplicates, recover after interruptions, and infer deletions.
When capture begins
Automatic audit capture begins when the app is installed. It cannot recreate intermediate edits that were never observed.
Visibility and permissions
The app does not show audit data to every installed user. Visibility is limited by both Forge app permissions and the user's live Jira permissions.
App-specific permissions
View Comment Audit LogUsers need this project permission to view the audit history for issues in that project.Use CommentLedger PageUsers need this global permission to open the global Comment Audit Log browser.Manage CommentLedger SettingsUsers need this global permission to open the operations page, run maintenance, and change retention settings.Jira visibility checks
Even after the app-specific permission checks pass, the app still filters rows through Jira visibility checks:
Deleted comments are shown when the stored visibility metadata indicates one of these:
Next steps