We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the Multilevel Select app.

Architecture

Multilevel Select is built on the Forge platform. The app connects to Jira using OAuth2. It’s written in React and TypeScript.

What does the data flow look like?

TBD

What customer data does the app process?

We process accountIds.

What data does the app store?

The app stores options within the custom fields.

Where are the data stored?

All data are stored on the Atlassian infrastructure. Custom field options and app settings are stored via Forge Storage.

What permission does the app require?

This app requires four permissions:

• Take Jira administration actions (e.g. create projects and custom fields, view workflows, manage issue link types).

• View audit logs.

• View system and custom avatars.

• Read custom field contextual configurations.

• Read field configurations.

• View fields.

• View issue details.

• View issue meta.

• View issue security levels.

• View issue types.

• View issue changelogs.

• View issue votes.

• View issues.

• View user information in Jira that the user has access to, including usernames, email addresses, and avatars.

• Read Jira project and issue data, search for issues, and objects associated with issues like attachments and worklogs.

• View the profile details for the currently logged-in user.

• View project categories.

• View projects.

• View statuses.

• View user configurations.

• View users.

• Read and write to app storage service

• Create and update issues.

• Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

No.

Does the app have a data retention policy?

Yes. Appsvio and Atlassian will delete all End User Personal Data (including copies) upon written request. More information is available in Forge DPA.

Does the app have a data backup policy?

Yes. More information is available in https://www.atlassian.com/trust/security/data-management

Useful links and more information Privacy Policy of Appsvio apps

If you have any questions about the security, e-mail