Security & Privacy

OneNoteToWiki is built with security and data privacy in mind. This section explains how the app handles your data, what permissions are required, and how you stay in control of your content.

πŸ”’ What data is accessed?

To perform the sync between OneNote and Confluence, OneNoteToWiki accesses:

From Microsoft (via Graph API):

  • Your list of OneNote notebooks

  • The structure and content of sections and pages within selected notebooks

From Atlassian (via Forge API):

  • Confluence space and page structure (for creating or updating pages)

  • Your app-specific configuration settings (rules, sync metadata)

βœ… The app never reads or modifies notebooks outside of your selected rule
βœ… The app does not store your OneNote content permanently outside your instance

πŸ“‚ Where is data stored?

  • Sync configurations are stored inside your Confluence Cloud environment (Forge-hosted)

  • No OneNote content is permanently stored by the app

  • Temporary sync data (such as content diffs or task queues) is processed in Atlassian’s Forge infrastructure and cleared after execution

πŸ” Permissions & OAuth Access

OneNoteToWiki uses OAuth 2.0 to request access from:

Microsoft (Graph API)

  • Scope: Notes.Read.All

  • Used to read notebooks and sync content

Atlassian (Forge App)

  • Scope: write:confluence-content, read:confluence-content

  • Used to create/update Confluence pages and manage settings

You will be prompted to explicitly authorize access when connecting your Microsoft account.

πŸ›‘ You can revoke access at any time in your Microsoft account settings:
https://account.microsoft.com/account β†’ Security β†’ App permissions

πŸ‘€ Who has access?

  • Only Confluence administrators can install the app and create sync rules

  • Only accounts that explicitly connect to Microsoft are used for content access

  • Synced content becomes visible in Confluence according to your space and page permissions

🧾 Compliance Notes

  • OneNoteToWiki does not collect personal data or analytics from end users

  • All processing is done via Forge (Atlassian’s secure serverless platform)

  • Microsoft Graph access is limited to the scopes necessary for the configured notebooks

We aim to meet industry best practices for cloud apps in the Atlassian ecosystem and Microsoft 365 environment.

πŸ› οΈ Questions or Concerns?

If you have any questions about how your data is handled or need a signed data processing agreement (DPA), please reach out to us at mail@craft-coders.de.