Last updated
Last updated
We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Feature Bundle app. For company-level security approach, please refer to the .
Architecture
is a 'Connect on Forge' app. It’s written in Java in the backend and React in the front end. The app is hosted on Heroku.
What do the data flows look like?
What do the architectural diagrams look like?
What data does the app process?
The app process user data (accountId, email, locale, etc.), user permissions, organizations information, issue data, Jira configuration (application properties, statuses, roles, workflows), request type information, service desk project information, Insight objects information
What data does the app store, and where?
Each feature proceeds with the data in a different way. We have a list of the features from the app below with comments. All data are stored in the Heroku Postgres in the US region except the Incident Banner data.
What permission does the app require?
This app requires five permissions:
View email addresses of users
Administer the host application
Administer Jira projects
Delete data from the host application
Write data to the host application
Read data from the host application
Does the app encode all data in transit and at rest?
Yes.
Does the app support data residency?
Does the app have a data retention policy?
Does the app have a data backup policy?
No. If you are interested in enabling your region, please get in touch with us at
Yes. The data are deleted 90 days after the app is uninstalled or after the first site’s inactivity. More information is available in .
Yes. More information is available in .
Useful links and more information
If you have any questions about the security, e-mail
Feature
How we process the data
Edit Request
Edited data are transferred from the web browser to our server via HTTPS protocol. Then the app calls Jira REST API to store new values on the issue. We do not store any information during this operation. We only store configuration settings.
Request Steps
We do not store any information when using this feature by customers. We only store configuration settings, including the steps name and description.
Request Details View
We do not store any information when using this feature by customers. We only store configuration settings.
Dynamic announcements
We store the announcements content and the configuration settings. When you delete the announcement, the data are deleted from the app’s database immediately.
Incident Banner
This is the Forge module. We store the content in the Forge Storage.
This security statement applies to the Cloud version of the Feature Bundle
