Security Statement

Time Reports for Jira Cloud is Atlassian Connect Add-On (Add-On) Software as a Service (SaaS).

Data Security

The Add-On is static, i.e. all data (specifically Time Tracking data) is requested from Jira Cloud and processed by add-on client side in End User Browser and is not passed anywhere else.

Here is the list of Jira REST API used client side:

Add-on persists add-on configuration (group names, link or field names selected in add-on configuration) in Jira Cloud itself using Hosted Data Storage service.

Add-On declares READ scope to access data as just described.

Add-On also declares WRITE and DELETE scopes to manage (create/update/delete) worklog records from add-on report or dashboard item in Jira Cloud.

Privacy Policy

There is no usage data collected by the add-on, beside diagnostics logging in case of error. Add-on uses Papertrail logging service via Heroku to log execution stack trace and cause details, including user information, as passed by Atlassian Connect Framework, e.g. Note, there is no support team maintaining the add-on, so no one else can access the logs.

Managing Security Vulnerabilities

Security vulnerability bugs, when found, get highest priority and are fixed in 2 days and rolled out immediately, without any notification.