Security statement
We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the ITSM Reports app. For company-level security approach, please refer to the Trust Center.
Architecture
ITSM Reports is built on the Forge platform. The app connects to Jira using OAuth2. It’s written in React and TypeScript.
What customer data does the app process?
We process accountIds, email addresses, display name.
What data does the app store?
The application permanently stores the saved widget configuration. Additionally, it uses ForgeKVS storage as a cache for generated report data (the data is retained for a maximum of 1 hour).
Where are the data stored?
All data are stored on the Atlassian infrastructure. The app configuration is stored via Forge Storage.
What permission does the app require?
| Permission | Usage |
|---|---|
| storage:app | Store widget configuration, cached report data in KVS |
| read:jira-work | Read Jira issues/fields/projects used by reports (assignee workload, time distribution, org-based counts). |
| read:servicedesk-request | Read JSM-specific data (CSAT, SLA, request channel, request type). |
| read:cmdb-schema:jira | Purpose: Read Assets/CMDB schemas (object types/attributes) to build/interpret AQL-based reports. |
| read:cmdb-object:jira | Read Assets objects via AQL (e.g., counts per class). |
| manage:servicedesk-customer | Read JSM customers and organization memberships. |
Does the app encode all data in transit and at rest?
Yes.
Does the app support data residency?
Yes, thanks to using the Atlassian Forge platform. Here is the official announcement from Atlassian: https://www.atlassian.com/blog/developer/data-residency-is-coming-soon-in-beta-to-forge-hosted-storage-take-action-now-to-support-your-customers
Does the app have a data retention policy?
Yes. Upon written request, Appsvio and Atlassian will delete all End User Personal Data (including copies). More information is available in Forge DPA.
Does the app have a data backup policy?
Yes. More information is available in https://www.atlassian.com/trust/security/data-management.
Useful links and more information
Privacy Policy of Appsvio apps
If you have any questions about the security, e-mail security@appsvio.com.