Privacy & data storage
Where HTML Macro Pro stores data, how a Confluence macro renders through the sandbox, EU hosting and the permissions the app requests.
Where your content lives
The macro content you enter (URLs and code) is stored by Confluence itself, inside your pages, the same way any other macro body is stored. It does not live on OST servers.
What happens at render time
When someone views a page, the app sends the macro content to its backend, which holds it in an ephemeral cache for about one minute and returns a one-time signed URL. The sandboxed iframe loads that URL from a separate domain, where your administrator’s Content Security Policy is applied as a real CSP header. The content is then discarded from the cache automatically. Macro content is never stored at rest on OST servers.
How a macro renders: the content passes through a short-lived cache and renders in an isolated frame.
What we store
Per workspace, the app stores:
- A workspace record (your cloud id and site URL).
- Your Content Security Policy mode and rules.
- Your User Permissions settings (mode plus selected group names).
What we do not store: page content, macro content at rest, or personal data beyond the Confluence account ID used for permission checks. All of it is removed when the app is uninstalled. Error monitoring uses anonymized error and usage telemetry.
Hosting
The backend and the sandbox are hosted in Frankfurt, Germany (EU).
Sandbox isolation
Embedded content runs in a cross-origin frame on a separate domain. It cannot access the Confluence page, your cookies or your session, even if the code is buggy or malicious. The FAQ explains how the sandbox works in more detail.
Permissions the app requests
| Permission | Why the app needs it |
|---|---|
| Read Confluence content | Read the macro body from your pages so it can render |
| Read Confluence user | Identify the current user for permission checks |
| Read Confluence groups | Load the group list for the User Permissions selector |
| Read Confluence properties and space summaries | Check space and page permissions |
| App system token | Handle the install lifecycle |
All scopes are read-only. The app cannot write to your pages.
Where to go next
- Managing security: Content Security Policies and group permissions.
- Frequently asked questions: the sandbox, uninstalling and data handling.
Add HTML Macro Pro to Confluence
Securely embed websites and custom code in your Confluence pages.