Security Statement

Timesheet Reports and Gadgets for Jira Cloud is Atlassian Connect Add-On (Add-On) Software as a Service (SaaS).

Data Security

The Add-On reads Jira data (specifically Time Tracking data) from Jira Cloud instance and processes it client side (in end user Browser), unless add-on REST API is used. In the latter case data is processed server side, instantly, i.e. data is not cached or stored anywhere.

Here is the list of Jira REST API used:

Add-on persists add-on configuration (group names, link or field names selected in add-on configuration) in Jira Cloud itself using Hosted Data Storage service.

Add-On declares READ and ACASUSER scopes to access data as just described by add-on backend.

Add-On also declares WRITE and DELETE scopes to manage (create/update/delete) worklog records from add-on report or dashboard item in Jira Cloud.

Privacy Policy

There is no usage data collected by the add-on. Add-on may log error details for better diagnostics in case of a problem. Add-on uses Papertrail logging service via Heroku to log execution stack trace and cause details, including information, as passed by Atlassian Connect Framework, e.g. https://timesheet-plugin.herokuapp.com/timereports.html?v=3&xdm_e=https%3A%2F%2Fbexample.atlassian.net&xdm_c=channel-jira-timesheet-plugin__timereports-gadget7016469871150166606&cp=&xdm_deprecated_addon_key_do_not_use=jira-timesheet-plugin&lic=active&cv=1.525.0" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko.

Managing Security Vulnerabilities

Security vulnerability bugs, when found, get highest priority and are fixed in 2 days and rolled out immediately, without any notification.

Refernces