We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Issue Merger Pro app.

Architecture

Issue Merger Pro is a Connect app. It’s written in Java in the backend and React in the front end. The app is hosted on Heroku.

What do the data flows look like?

What do the architectural diagrams look like?

What data does the app process?

The app process issue data, project configuration (properties, Jira global configuration (statues, links, workflows, etc.), user permissions, service desk information, request information (request participant).

What data does the app store?

The app stores app data (settings, presets, Auto-merge rules), merge history (date, issue keys, merged fields, excluding values). No issue data is stored on the app database.

Where are the data stored?

All data are stored in the Heroku Postgres in the US region.

What permission does the app require?

This app requires six permissions:

• Act on a user's behalf, even when the user is offline

• Administer the host application

• Administer Jira projects

• Delete data from the host application

• Write data to the host application

• Read data from the host application

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

No. If you are interested in enabling your region, please contact us at support@appsvio.com

Does the app have a data retention policy?

Yes. The data are deleted 90 days after the app is uninstalled or after the first site’s inactivity. More information is available in Data Retention Policy.

Does the app have a data backup policy?

Yes. More information is available in Data Backup Policy.

Useful links and more information Privacy Policy of Appsvio apps

If you have any questions about the security, e-mail security@appsvio.com