πSecurity statement
This security statement applies to the Cloud version of the Multilevel Select
We are committed to improving our security posture. Thatβs why we created this page to answer basic questions about security in the Multilevel Select app.
Since Oct 2023, we've been SOC2 type II compliant to meet the highest and most professional standards.
The SOC 2 report is available to all our customers at any time at our Trust Center.
Architecture
Multilevel Select is built on the Forge platform. The app connects to Jira using OAuth2. Itβs written in React and TypeScript.
What does the data flow look like?
TBD
What customer data does the app process?
We process accountIds.
What data does the app store?
The app stores options within the custom fields.
Where are the data stored?
All data are stored on the Atlassian infrastructure. Custom field options and app settings are stored via Forge Storage.
What permission does the app require?
This app requires four permissions:
Take Jira administration actions (e.g. create projects and custom fields, view workflows, manage issue link types).
View audit logs.
View system and custom avatars.
Read custom field contextual configurations.
Read field configurations.
View fields.
View issue details.
View issue meta.
View issue security levels.
View issue types.
View issue changelogs.
View issue votes.
View issues.
View user information in Jira that the user has access to, including usernames, email addresses, and avatars.
Read Jira project and issue data, and search for issues and objects associated with issues like attachments and worklogs.
View the profile details for the currently logged-in user.
View project categories.
View projects.
View statuses.
View user configurations.
View users.
Read and write to the app storage service
Create and update issues.
Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.
Does the app encode all data in transit and at rest?
Yes.
Does the app support data residency?
Yes, thanks to using the Atlassian Forge platform. Here is the official announcement from Atlassian: https://www.atlassian.com/blog/developer/data-residency-is-coming-soon-in-beta-to-forge-hosted-storage-take-action-now-to-support-your-customers
Does the app have a data retention policy?
Yes. Appsvio and Atlassian will delete all End User Personal Data (including copies) upon written request. More information is available in Forge DPA.
Does the app have a data backup policy?
Yes. More information is available in https://www.atlassian.com/trust/security/data-management
Useful links and more information
If you have any questions about the security, e-mail security@appsvio.com.
Last updated