Security Statement

Timesheet Reports and Gadgets for Jira Cloud is Atlassian Connect Add-On (Add-On) Software as a Service (SaaS).

Data Security

The Add-On reads Jira data (specifically Time Tracking data) from Jira Cloud instance and processes it client side (in end user Browser), unless add-on REST API is used. In the latter case data is processed server side, instantly, i.e. data is not cached or stored anywhere.

Here is the list of Jira REST API used:

Add-on persists add-on configuration (group names, link or field names selected in add-on configuration) in Jira Cloud itself using Hosted Data Storage service.

Add-On declares READ and ACASUSER scopes to access data as just described by add-on backend.

Add-On also declares WRITE and DELETE scopes to manage (create/update/delete) worklog records from add-on report or dashboard item in Jira Cloud.

Privacy Policy

Add-on may log usage details for better diagnostics in case of error. Add-on uses Papertrail logging service via Heroku to log execution stack trace and cause details, including user information, as passed by Atlassian Connect Framework, e.g. https://timereports.github.io/timereports.html?project.key=DEMO&v=2&tz=Europe%2FPrague&loc=en-US&user_id=admin&user_key=admin&xdm_e=https%3A%2F%2Fprimetimesheet.atlassian.net&xdm_c=channel-timereports__timereports&cp=&lic=active&cv=1.1.91. Note, there is no support team maintaining the add-on, so no one else can access the logs.

Managing Security Vulnerabilities

Security vulnerability bugs, when found, get highest priority and are fixed in 2 days and rolled out immediately, without any notification.

Refernces