Security and Data Privacy

Simple Stakeholder Map is built on Atlassian Forge and follows a minimal-access model.

Data storage model

• App data is stored using Forge app storage
• Data is scoped by Jira project context
• No separate external database is required for normal operation

Permissions model

The app requests only:

• read:jira-work
• read:jira-user
• storage:app

These permissions are used to read Jira context, display user-related information, and store app records.

What data is typically stored

• Stakeholder records (for example: name, role, ratings, notes)
• Communication tasks and status updates
• Engagement level assessments (current and desired)
• Audit-style change history for traceability

Data isolation expectations

• One project’s data is not mixed with another project’s data
• Access aligns with Jira project visibility and membership

Privacy and governance recommendations

• Avoid storing sensitive personal data in free-text notes
• Keep descriptions business-relevant and minimal
• Define an internal retention policy for stale stakeholder/task records
• Limit project access to users who need to participate

Security best practices for admins

• Review app permissions during installation
• Periodically review Jira project membership
• Use least-privilege access principles in Jira roles

Related pages

• Configuration and Permissions
• Troubleshooting and FAQ