Security Measures

Access Governance for Jira is built on Atlassian Forge and runs entirely on Atlassian’s cloud infrastructure (the “Runs on Atlassian” model). It uses only read-only permissions and moves no customer data off the Atlassian platform. These Security Measures describe the technical and organizational controls protecting customer data, and form the Security Measures referenced by our Data Protection Addendum.

Hosting & infrastructure

• The app runs exclusively on Atlassian Forge, Atlassian’s managed serverless platform. There are no servers, databases, or infrastructure operated by us outside Atlassian’s cloud.
• It therefore inherits Atlassian’s platform security posture and certifications (e.g., SOC 2, ISO 27001) for the underlying infrastructure.

Least-privilege access

• The app requests only read-only Jira permissions — it can read access and permission configuration, but cannot modify a customer’s Jira data or settings.
• Only Jira administrators can install and use the app, and it operates strictly within the scopes the customer grants at installation.

No data egress

• The app declares no external network or egress permissions. Customer data never leaves the Atlassian platform.
• There is no third-party analytics, no external error/APM monitoring, and no external storage in the data path. The Forge runtime’s content-security policy enforces this at the platform level.

Data storage & location

• Derived and cached data (the access graph the app builds from a customer’s Jira configuration) is stored only in Atlassian-hosted Forge storage, within Atlassian’s environment.
• Encryption in transit and at rest is provided by the Atlassian platform.

Data retention & deletion

• Customer data is held only in Atlassian-hosted Forge storage and deleted when the app is uninstalled, in accordance with Atlassian’s Forge platform data lifecycle.

Sub-processors

• We use no sub-processors for customer personal data beyond Atlassian, which hosts the platform and infrastructure on which the app runs.

Logging, audit & monitoring

• The app maintains an in-product audit log of governance actions and supports CSV/JSON export of evidence.
• Operational logging uses the Forge platform’s logging and metrics; no logs containing customer data are sent off-platform.

Vulnerability & patch management

• Running on Forge means the runtime is managed and patched by Atlassian.
• Application code is version-controlled and deployed through Atlassian’s Forge pipeline; releases follow Atlassian’s staged-rollout and versioning model.

Incident response

• To report a security concern, contact security@citizenkade.com. We acknowledge reports promptly and coordinate remediation, including through Atlassian’s platform mechanisms where applicable.

Changes to these measures

We may update these Security Measures to reflect changes to the product or platform. Material changes will be reflected by an updated version number and date above.