We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the HubSpot Integration app.

Architecture

HubSpot Integration is built on the Forge platform. The app connects to Jira using OAuth2. It’s written in React and TypeScript.

What does the data flow look like?

TBD

What customer data does the app process?

We process accountIds, email addresses, display name.

What data does the app store?

The app stores connection credentials to HubSpot, configuration settings, and custom field values.

Where are the data stored?

All data are stored on the Atlassian infrastructure. The app data is stored via Forge Storage.

What permission does the app require?

This app requires four permissions:

• View user information in Jira that the user has access to, including usernames, email addresses, and avatars.

• Read Jira project and issue data, search for issues, and objects associated with issues like attachments and worklogs.

• View the profile details for the currently logged-in user.

• Read and write to app storage service

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

No.

Does the app have a data retention policy?

Yes. Appsvio and Atlassian will delete all End User Personal Data (including copies) upon written request. More information is available in Forge DPA.

Does the app have a data backup policy?

Yes. More information is available in https://www.atlassian.com/trust/security/data-management

Useful links and more information Privacy Policy of Appsvio apps

If you have any questions about the security, e-mail security@appsvio.com