Security statement

This security statement applies to the Cloud version of the Multilevel Select

Last updated 10 months ago

Was this helpful?

Security statement

This security statement applies to the Cloud version of the Multilevel Select

We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Multilevel Select app.

Since Oct 2023, we've been SOC2 type II compliant to meet the highest and most professional standards.

The SOC 2 report is available to all our customers at any time at our .

Architecture

is built on the platform. The app connects to Jira using . It’s written in React and TypeScript.

What does the data flow look like?

TBD

What customer data does the app process?

We process accountIds.

What data does the app store?

The app stores options within the custom fields.

Where are the data stored?

All data are stored on the Atlassian infrastructure. Custom field options and app settings are stored via .

What permission does the app require?

This app requires four permissions:

Take Jira administration actions (e.g. create projects and custom fields, view workflows, manage issue link types).
View audit logs.
View system and custom avatars.
Read custom field contextual configurations.
Read field configurations.
View fields.
View issue details.
View issue meta.
View issue security levels.
View issue types.
View issue changelogs.
View issue votes.
View issues.
View user information in Jira that the user has access to, including usernames, email addresses, and avatars.
Read Jira project and issue data, and search for issues and objects associated with issues like attachments and worklogs.
View the profile details for the currently logged-in user.
View project categories.
View projects.
View statuses.
View user configurations.
View users.
Read and write to the app storage service
Create and update issues.
Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

Does the app have a data retention policy?

Does the app have a data backup policy?

Useful links and more information

Previous💬 FAQ NextKnown limitations

Last updated 10 months ago

Was this helpful?

We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Multilevel Select app.

Since Oct 2023, we've been SOC2 type II compliant to meet the highest and most professional standards.

The SOC 2 report is available to all our customers at any time at our .

Architecture

is built on the platform. The app connects to Jira using . It’s written in React and TypeScript.

What does the data flow look like?

TBD

What customer data does the app process?

We process accountIds.

What data does the app store?

The app stores options within the custom fields.

Where are the data stored?

All data are stored on the Atlassian infrastructure. Custom field options and app settings are stored via .

What permission does the app require?

This app requires four permissions:

Take Jira administration actions (e.g. create projects and custom fields, view workflows, manage issue link types).
View audit logs.
View system and custom avatars.
Read custom field contextual configurations.
Read field configurations.
View fields.
View issue details.
View issue meta.
View issue security levels.
View issue types.
View issue changelogs.
View issue votes.
View issues.
View user information in Jira that the user has access to, including usernames, email addresses, and avatars.
Read Jira project and issue data, and search for issues and objects associated with issues like attachments and worklogs.
View the profile details for the currently logged-in user.
View project categories.
View projects.
View statuses.
View user configurations.
View users.
Read and write to the app storage service
Create and update issues.
Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

Yes, thanks to using the Atlassian Forge platform. Here is the official announcement from Atlassian:

Does the app have a data retention policy?

Yes. Appsvio and Atlassian will delete all End User Personal Data (including copies) upon written request. More information is available in .

Does the app have a data backup policy?

Yes. More information is available in

Useful links and more information

If you have any questions about the security, e-mail .