Introduction

We have been receiving a significant number of security questionaires from our users.
We thought it will be good to share our thoughts and actions taken publicly.

Open

Security should not be compromised

Security is a continuous race rather than a one-time effort.
Prevention is better than cure. It takes more effort to fix security issues than to prevent them.

• We have been integrating reasonable security practices in our design and development process

• We have periodic security awareness reminders to our team because they are the best enforcement agents

• We are participating in the Atlassian Marketplace Security Bug Bounty Program

• We are working to add our Cloud apps to the Atlassian Cloud Fortified Apps Program gradually

Privacy is our priority

We value everyone’s privacy just like our privacy

• We do not put customer logos on our website

  • We believe we can get credibility with over 9000+ installs for 35 apps in Atlassian Marketplace

• We do not post photos of our employees on our social media

  • An example is we are using avatars in Our Engineering Team on our website

Security by Simplicity

Security is a heavy responsibility and user data is a big liability.
Even big companies with huge investments in security are being challenged from time to time.
Since we want to be agile and focused on building useful software, we defined boundary markers for ourselves to keep things simple.

• We try to keep our processes simple instead of having tons of lengthy policies that is difficult to regulate

• We avoid liabilities and risks that is unnecessary and whenever possible

• We do not have user analytics in our apps (both for Cloud and Data Center apps)

• We do not build apps that process or store user data at our end

  • That is a key reason why some of our DC apps do not have a Cloud edition

  • Our Forge apps do not have data egress except for Tissue for Jira Cloud

    Open