Security Policy

This Security Policy describes the measures we take to protect your information when you use our Jira addon ("Service"). We are committed to ensuring the security and integrity of your data.

Our Service is built on the Atlassian Forge platform, which handles user authentication and authorization securely. All requests to our backend services are authenticated using JWT (JSON Web Tokens) provided by Atlassian, ensuring that only authorized users can access the Service's features.

We do not store your documents or personal data on our own servers. When you upload a document, its content is processed in memory and then temporarily cached within Atlassian's secure Forge storage. This cached data is automatically deleted approximately every hour. We do not have access to the contents of your Jira issues.

To provide our AI-powered features, we send the content of your documents to Google's Generative Language API. According to their policies, these services do not store your data long-term or use it to train their models.

We take security seriously and appreciate help from the community. If you discover a security vulnerability, please report it to us through our support email or the Atlassian help desk. We will investigate all reports and do our best to address any issues promptly.