Security Policy for Atlassian Jira Plugins
Introduction
This document covers security aspects for all Atlassian Jira plugins developed by Programmer Hat.
It is important to understand that Atlassian Cloud plugins are separate web services hosted by their vendors. This is a consequence of the Atlassian Cloud product architecture and means that the service and its data are maintained by the vendors.
Read the Privacy Policy to understand what data is transferred and stored on our servers.
To integrate our apps with Atlassian Cloud products we use the Atlassian Forge framework, which is created and maintained by Atlassian. This provides an additional layer of security and separates our apps from sensitive data stored on the Atlassian side (such as passwords and payment details).
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Data storage
All data is stored using Atlassian Forge’s Storage API. This means the data is stored only in the same country in which your Atlassian Jira instance is hosted, and it receives the same standard of security that Atlassian applies to its own in-house products.
We do NOT store any data on our own servers, data centers, or any cloud providers (such as Amazon Web Services, Azure, Google Cloud Platform, or Digital Ocean).
Backups
Because we store all data using Atlassian Forge’s Storage API, data is backed up and preserved as part of disaster recovery and can be restored. However, these backups are currently not accessible to partners (like Programmer Hat) or customers. Atlassian Forge keeps extensive backups. Read more about their backup policy here.
Data protection
We encrypt all network transmissions using Transport Layer Security (TLS). We safeguard our services against web attacks such as SQL injection, XSS and XSRF.
We perform regular peer code reviews and security audits to minimize security risks. We participate in the open source Bugcrowd Bug Bounty Program.