Security statement

We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Feature Bundle app. For company-level security approach, please refer to the Trust Center.

Architecture

Feature Bundle is a 'Connect on Forge' app. It’s written in Java in the backend and React in the front end. The app is hosted on Heroku.

What do the data flows look like?

What do the architectural diagrams look like?

What data does the app process?

The app process user data (accountId, email, locale, etc.), user permissions, organizations information, issue data, Jira configuration (application properties, statuses, roles, workflows), request type information, service desk project information, Insight objects information

What data does the app store, and where?

Each feature proceeds with the data in a different way. We have a list of the features from the app below with comments. All data are stored in the Heroku Postgres in the US region except the Incident Banner data.

What permission does the app require?

This app requires five permissions:

• View email addresses of users

• Administer the host application

• Administer Jira projects

• Delete data from the host application

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

No. If you are interested in enabling your region, please get in touch with us at

Does the app have a data retention policy?

Yes. The data are deleted 90 days after the app is uninstalled or after the first site’s inactivity. More information is available in .

Does the app have a data backup policy?

Yes. More information is available in .

Useful links and more information

If you have any questions about the security, e-mail