Security statement

We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Multilevel Select app.

Since Oct 2023, we've been SOC2 type II compliant to meet the highest and most professional standards.

Architecture

is built on the platform. The app connects to Jira using . It’s written in React and TypeScript.

What does the data flow look like?

TBD

What customer data does the app process?

We process accountIds.

What data does the app store?

The app stores options within the custom fields.

Where are the data stored?

All data are stored on the Atlassian infrastructure. Custom field options and app settings are stored via .

What permission does the app require?

This app requires four permissions:

• Take Jira administration actions (e.g. create projects and custom fields, view workflows, manage issue link types).

• View audit logs.

• View system and custom avatars.

• Read custom field contextual configurations.

• Read field configurations.

• View fields.

• View issue details.

• View issue meta.

• View issue security levels.

• View issue types.

• View issue changelogs.

• View issue votes.

• View issues.

• View user information in Jira that the user has access to, including usernames, email addresses, and avatars.

• Read Jira project and issue data, and search for issues and objects associated with issues like attachments and worklogs.

• View the profile details for the currently logged-in user.

• View project categories.

• View projects.

• View statuses.

• View user configurations.

• View users.

• Read and write to the app storage service

• Create and update issues.

• Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

Does the app have a data retention policy?

Does the app have a data backup policy?

Useful links and more information