Data stored on Mobile Device
When you connect to JIRA via JIRA Connect there is no data stored locally on your mobile device. All data retrieved from JIRA via the REST API is used for display purposes only and does not reside on the device permanently. Avatar images and icons are cached for 24 hours, all other data is discarded immediately. Before you connect, make sure your JIRA server uses SSL and you connect via https or use a MDM system such as MobileIron or a VPN. Not encrypted connections are not secure. User names and passwords can be stored on the mobile device but are encrypted in both version iOS as well as Android.
Data stored by Mobility Add-On (server version)
The Mobility add-on stores your user’s device identifier within JIRA, including their preferences what notifications to receive. No other data is stored. When a user entry is deleted all this information is discarded.
Data stored by Mobility Add-On (cloud version)
The only data sent to MobilityStream is information about your JIRA instance (name, version, install data, license information). After that your users’ devices will authenticate once per 12 or 24 hours against the MobilityStream service. MobilityStream will check the license information against the server. No other information is sent to MobilityStream.