Unified Privacy & Security Policy - Small Batch Forge Apps for Jira
Last updated: Jan 22, 2026
This unified policy applies to all Small Batch Forge apps for Jira that share the same architectural model and operational practices: Simple Risks for Jira, Simple Bookmarks for Jira, Simple Stakeholder Map for Jira, and Simple Decisions for Jira.
1. Introduction
We build lightweight, secure, and private Atlassian Forge applications that run entirely within Atlassian Cloud. This policy consolidates privacy and security practices across our apps into a single, consistent document. Where functionality differs between apps, those differences are captured in the App-specific Data reference below.
2. Scope
This policy covers the Simple Risks, Simple Bookmarks, Simple Stakeholder Map, and Simple Decisions Forge apps for Jira, their data handling, and their security controls. All apps run on Atlassian Forge; no external servers or databases are used.
3. Platform Architecture
3.1 Host Environment
All apps execute in Atlassian Cloud via Forge. We do not operate external infrastructure. Data transmission occurs within Atlassian Cloud or via TLS 1.2+ between the user's browser and Atlassian.
3.2 Data Storage
- Storage: Atlassian Forge Storage API (Key-Value Storage)
- Encryption: At rest and in transit by Atlassian
- Isolation: Scoped to the customer's Atlassian site; app data is further partitioned by Jira Project or User where appropriate
- No egress: No data is sent to third-party services or external endpoints
4. Authentication and Authorization
- Identity and auth are provided by Atlassian; apps do not manage passwords or credentials
- Operations run with the currently authenticated user context
- Jira permissions are respected; if a user cannot access a project/issue in Jira, they cannot access it via the app
5. Permissions (Scopes)
All apps operate on the principle of least privilege and request only the minimum necessary Atlassian scopes.
| Scope | Purpose | Applies to |
|---|---|---|
| storage:app | Securely store app data in Forge Storage | All apps |
| read:jira-user | Resolve display names/avatars and associate actions with the current user | All apps |
| read:jira-work | Read Jira issues/projects for context and linking | All apps |
| write:jira-work | Enable UI integrations and issue property links where needed | Simple Risks, Simple Decisions |
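The scopes above are declared in each app's Forge manifest. The following is an added illustration, not the manifest of any of the apps named on this page: it shows how a project-scoped app such as Simple Risks would declare these four scopes, how a user-scoped app such as Simple Bookmarks would omit the write scope, and how the limited inline-style allowance described in section 15 is expressed. The module keys, handler names, resource paths and app id are placeholders.

```yaml
# manifest.yml (illustrative; assumed layout, not the real app manifest)
modules:
  jira:projectPage:
    - key: example-project-page        # placeholder module key
      resource: main
      resolver:
        function: resolver
      title: Example Project Page
  function:
    - key: resolver
      handler: index.handler            # placeholder handler
resources:
  - key: main
    path: static/build                  # placeholder build output path
app:
  id: ari:cloud:ecosystem::app/<APP-ID-PLACEHOLDER>
  runtime:
    name: nodejs20.x
permissions:
  scopes:
    - storage:app        # Forge Storage (all apps)
    - read:jira-user     # display names / avatars (all apps)
    - read:jira-work     # read issues/projects for context (all apps)
    - write:jira-work    # only Simple Risks and Simple Decisions need this;
                         # a user-scoped app like Simple Bookmarks omits it
  content:
    styles:
      - 'unsafe-inline'  # limited allowance for the styling library (section 15);
                         # no 'unsafe-inline' under scripts, so inline scripts stay blocked
```

Reviewing the `permissions` block against the table above is the quickest way to confirm least privilege: an app whose table row says it does not need write:jira-work should not list it here, and `forge lint` (section 7) flags scopes the manifest declares but no module requires.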
6. Application Security
- Input validation and sanitization for all user-provided content
- Strict field length limits appropriate to each app's data model
- No dynamic code execution (no eval); React-based UI may allow limited inline styles where required by the UI framework
- TypeScript and ESLint rules enforce code quality and security checks
7. Automated Security Controls
- CI/CD security scanning with npm audit on each change
- Automated dependency updates via Dependabot (libraries weekly; GitHub Actions monthly)
- Deployment blocking on critical findings (and thresholds for high severity)
- Forge manifest validation via forge lint on every change
- Pre-commit hooks for linting and formatting
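The controls in this section map naturally onto two repository configuration files. The example below is added here and is not taken from the apps' repositories; it assumes a GitHub-hosted Node project and uses a workflow name, branch name and Node version chosen for illustration.

```yaml
# .github/workflows/security-checks.yml (illustrative, assumed file)
name: security-checks
on:
  pull_request:
  push:
    branches: [main]           # assumed default branch
jobs:
  audit-and-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      # Block the pipeline on critical advisories; lower the level to "high"
      # to apply the stricter threshold mentioned in this section.
      - run: npm audit --audit-level=critical
      # Validate the Forge manifest (scopes, modules, CSP settings) on every change.
      - run: npm install -g @forge/cli
      - run: forge lint
---
# .github/dependabot.yml (illustrative, assumed file)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"       # library updates weekly
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"      # action pins refreshed monthly
```

Because `npm audit` exits non-zero when findings meet the configured level, a failing audit step stops the job and therefore anything downstream that deploys, which is the "deployment blocking" behaviour this section describes.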
8. Data Usage, Sharing, and Egress
- Usage: Only to deliver in-app functionality described in App-specific Data
- Sharing: No sale, transfer, or third-party sharing of data
- Egress: No external API calls outside Atlassian Cloud
9. Data Retention and Deletion
- User control: Users can delete items through the UI; deletion is immediate and permanent for those records
- Bulk and cascading deletion supported where the app provides relationships (e.g., decisions and their impacts)
- Uninstallation: Data remains within Atlassian's storage for your instance until programmatically deleted or purged per Atlassian policies
10. Data Access and Residency
- Access: Project-scoped and/or user-scoped; no cross-project visibility unless granted by Jira permissions
- Residency: Follows your Atlassian Cloud site configuration and Atlassian's data processing agreements
11. GDPR and Data Subject Rights
- Access and rectification: View and edit in-app
- Erasure: Delete items via app UI
- Portability: CSV/Markdown/PDF exports where supported
- Restriction: Visibility governed by Jira permissions and in-app privacy flags where applicable
12. Vulnerability Reporting
- Report via the support contacts on the Atlassian Marketplace listing or via the app's repository security advisory channel
- Acknowledgement target within 48 hours
- Critical issues prioritized as hotfixes
13. Incident Response
- Detection: Automated scanning and user reports
- Assessment: Prompt evaluation of severity and impact
- Containment: Hotfix deployment for critical vulnerabilities
- Notification: Communication through Marketplace listing updates and direct channels when appropriate
- Remediation: Fixes, post-incident review, and hardening
14. App-specific Data Reference
The core privacy/security framework above is common across all apps. The primary differences are in the data each app stores and whether write:jira-work is required.
| App | Primary Data Stored | Notable Behaviors |
|---|---|---|
| Simple Risks for Jira | Risk records (title, description, probability, impact, status, owner, mitigation), linked Jira issue keys/metadata, change history, project context | Project-scoped storage; supports issue linking; uses write:jira-work for UI/link integrations |
| Simple Bookmarks for Jira | User bookmarks (issue keys), personal notes, tags, priority, timestamps | User-scoped storage; no write:jira-work; focused on personal organization |
| Simple Stakeholder Map for Jira | Stakeholders (names, emails, roles/titles, engagement profile), classifications (interest/power/attitude), tasks, audit logs; optional privacy flags | Project-scoped storage; UI-level privacy flags restrict visibility in-app; relies on read:jira-work and read:jira-user |
| Simple Decisions for Jira | Decisions (title, description, status, decision date), DACI participants, impacts (category, direction, magnitude, description), links to issues/releases, audit log, custom categories | Project-scoped storage; supports exports; uses write:jira-work for issue property links and UI modules |
15. Content Security Policy
UI components are React-based. Limited unsafe-inline styles may be permitted to support the styling library used. No inline scripts are executed by the apps.
16. Changelog
| Version | Date | Changes |
|---|---|---|
| 1.0 | Jan 22, 2026 | Initial unified privacy and security policy published; consolidates existing app-specific policies |
17. Contact
For questions about this policy or our apps, please use the support channels listed on each app's Atlassian Marketplace page.