Security Policy
Last Updated: October 23, 2025
1. Our Commitment to Security
At SprintRhythm-for-Jira, we take the security of your data seriously. We are committed to protecting the information you entrust to us. This policy outlines the security measures we have in place to safeguard your data when you use our Jira addon ("Service").
2. Platform Security: Atlassian Forge
Our Service is built and hosted on Atlassian's Forge platform, a serverless environment with security built in. We rely on the robust security infrastructure provided by Atlassian to ensure your data is protected. Key security features of the Forge platform include:
- Data Segregation: All data is stored within your Jira site's dedicated Forge storage. As the developer, we do not have direct access to the underlying data you store when using our app.
- Infrastructure Management: Atlassian manages the underlying infrastructure, including physical security, network security, and system patching, reducing the risk of common vulnerabilities.
- Encryption: The Forge platform handles data encryption both in transit (using TLS) and at rest, ensuring your data is protected from unauthorized access. We do not implement additional, custom encryption on top of the platform's native capabilities.
3. Access Control
Access to the production environment and application settings is strictly limited to authorized personnel only (the developer). We adhere to the principle of least privilege, ensuring that access is granted only where necessary to maintain and support the Service.
4. Secure Development Practices
We are committed to building secure software from the ground up. Our development practices include:
- Code Reviews: All code is reviewed before being deployed to production to identify potential security flaws and ensure adherence to best practices.
- Dependency Management: We regularly scan our third-party dependencies for known vulnerabilities and apply patches in a timely manner using tools like `npm audit`.
5. Incident Response
While we strive to prevent security incidents, we have a response plan in place to address them if they occur. In the event of a security breach or the discovery of a critical vulnerability, our plan is to:
- Investigate: Promptly investigate the incident to understand the scope and impact.
- Remediate: Take immediate steps to contain and patch the vulnerability.
- Notify: Inform affected users and stakeholders about the incident and the steps we are taking to resolve it, in accordance with our legal and contractual obligations.
6. Contact Us
If you have discovered a security vulnerability or have any questions about our security practices, please contact us immediately at: ido.bruker2@gmail.com.