Security Policy for App Maker for Jira

Overview

App Maker is a data-based app builder for Atlassian products, allowing users to create custom apps without writing or deploying custom code. Our commitment to security is paramount, and we leverage Atlassian's robust Forge platform to ensure the highest standards of data protection and user privacy.

Data Storage and Transmission

• All data associated with App Maker is stored exclusively within Atlassian's Forge platform.
• No data leaves the Forge platform, ensuring a secure and contained environment.
• Data transmission between App Maker and Jira is managed entirely by Atlassian's Forge platform, benefiting from their enterprise-grade security measures.

Authentication and Access Control

• User authentication is handled by Atlassian's Forge platform, ensuring consistency with Atlassian's security standards.
• Access controls and user permissions are managed through Forge, maintaining alignment with existing Atlassian product security models.

Encryption

• Data encryption, both at rest and in transit, is managed by Atlassian's Forge platform, adhering to industry best practices.

Third-Party Integrations

• App Maker does not currently integrate with any third-party services, minimizing potential security risks.

Security Testing and Audits

• We leverage the comprehensive security testing conducted by Atlassian for the Forge platform.
• Regular reviews of our app's configuration ensure ongoing compliance with Forge security best practices.

Incident Response

• In the event of a security incident or breach, our support desk is available for customers to lodge tickets.
• We are committed to prompt and thorough responses to all security-related concerns.

Updates and Patches

• We maintain a rigorous update schedule, sometimes releasing multiple updates per day.
• These frequent updates ensure that App Maker remains current with the latest security enhancements and bug fixes.

User Data Retention and Deletion

• User data retention and deletion processes are managed by Atlassian through the Forge platform.
• We adhere to Atlassian's policies and practices regarding data lifecycle management.

Compliance

• While we do not currently hold specific security certifications, our use of Atlassian's Forge platform ensures alignment with their compliance standards.
• We are committed to continuously evaluating and improving our security practices.

Contact

For any security-related questions or to report a security issue, please contact our support team at support@product-forge.atlassian.net.

We are committed to maintaining the highest standards of security and continuously improving our practices to protect our users and their data.