Security Statement

Time Reports for Jira Cloud is Atlassian Connect Add-On (Add-On) Software as a Service (SaaS).

Data Security

The Add-On is static, i.e. all data (specifically Time Tracking data) is requested from Jira Cloud and processed by add-on client side in End User Browser and is not passed anywhere else.

Here is the list of Jira REST API used client side:

Add-on persists add-on configuration (group names, link or field names selected in add-on configuration) in Jira Cloud itself using Hosted Data Storage service.

Add-On declares READ scope to access data as just described.

Add-On also declares WRITE and DELETE scopes to manage (create/update/delete) worklog records from add-on report or dashboard item in Jira Cloud.

Privacy Policy

There is no usage data collected by the add-on, beside diagnostics logging in case of error. Add-on uses Papertrail logging service via Heroku to log execution stack trace and cause details, including user information, as passed by Atlassian Connect Framework, e.g. https://timereports.github.io/timereports.html?project.key=DEMO&v=2&tz=Europe%2FPrague&loc=en-US&user_id=admin&user_key=admin&xdm_e=https%3A%2F%2Fprimetimesheet.atlassian.net&xdm_c=channel-timereports__timereports&cp=&lic=active&cv=1.1.91. Note, there is no support team maintaining the add-on, so no one else can access the logs.

Managing Security Vulnerabilities

Security vulnerability bugs, when found, get highest priority and are fixed in 2 days and rolled out immediately, without any notification.

Refernces