Security Statement

Time Reports for Jira Cloud is Atlassian Connect Add-On (Add-On) Software as a Service (SaaS).

Data Security

The Add-On is static, i.e. all data (specifically Time Tracking data) is requested from Jira Cloud and processed by add-on client side in End User Browser and is not passed anywhere else.

Here is the list of Jira REST API used client side:

Add-on persists add-on configuration (group names, link or field names selected in add-on configuration) in Jira Cloud itself using Hosted Data Storage service.

Add-On declares READ scope to access data as just described.

Add-On also declares WRITE and DELETE scopes to manage (create/update/delete) worklog records from add-on report or dashboard item in Jira Cloud.

Privacy Policy

There is no usage data collected by the add-on. There is only diagnostic logging in case of error. Add-on uses Papertrail logging service via Heroku to log execution stack trace and error cause details, including information, provided by Atlassian Connect Framework, e.g. https://timereports.github.io/timereports.html?v=2&xdm_e=https%3A%2F%2Fbexample.atlassian.net&xdm_c=channel-timereports__timereports-gadget7016469871150166606&cp=&xdm_deprecated_addon_key_do_not_use=timereports&lic=active&cv=1.525.0" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" .

Managing Security Vulnerabilities

Security vulnerability bugs, when found, get highest priority and are fixed in 2 days and rolled out immediately, without any notification.

Refernces