🔐Security statement
This security statement applies to the Cloud version of the Feature Bundle
Last updated
This security statement applies to the Cloud version of the Feature Bundle
Last updated
We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Feature Bundle app. For company-level security approach, please refer to the Trust Center.
Architecture
Feature Bundle is a 'Connect on Forge' app. It’s written in Java in the backend and React in the front end. The app is hosted on Heroku.
What do the data flows look like?
What do the architectural diagrams look like?
What data does the app process?
The app process user data (accountId, email, locale, etc.), user permissions, organizations information, issue data, Jira configuration (application properties, statuses, roles, workflows), request type information, service desk project information, Insight objects information
What data does the app store, and where?
Each feature proceeds with the data in a different way. We have a list of the features from the app below with comments. All data are stored in the Heroku Postgres in the US region except the Incident Banner data.
Feature | How we process the data |
Edit Request | Edited data are transferred from the web browser to our server via HTTPS protocol. Then the app calls Jira REST API to store new values on the issue. We do not store any information during this operation. We only store configuration settings. |
Request Steps | We do not store any information when using this feature by customers. We only store configuration settings, including the steps name and description. |
Request Details View | We do not store any information when using this feature by customers. We only store configuration settings. |
Dynamic announcements | We store the announcements content and the configuration settings. When you delete the announcement, the data are deleted from the app’s database immediately. |
Incident Banner | This is the Forge module. We store the content in the Forge Storage. |
What permission does the app require?
This app requires five permissions:
View email addresses of users
Administer the host application
Administer Jira projects
Delete data from the host application
Write data to the host application
Read data from the host application
Does the app encode all data in transit and at rest?
Yes.
Does the app support data residency?
No. If you are interested in enabling your region, please get in touch with us at support@appsvio.com
Does the app have a data retention policy?
Yes. The data are deleted 90 days after the app is uninstalled or after the first site’s inactivity. More information is available in Data Retention Policy.
Does the app have a data backup policy?
Yes. More information is available in Data Backup Policy.
Useful links and more information Privacy Policy of Appsvio apps
If you have any questions about the security, e-mail security@appsvio.com
