Security Policy
Last updated: April 6, 2026
1. Overview
Priority Scoring — RICE, WSJF, ICE & Rovo AI for Jira ("the App") is built on the Atlassian Forge platform and operates entirely within Atlassian's infrastructure under the Runs on Atlassian trust boundary. The App makes no outbound network calls to any external server and stores no credentials of any kind. This document describes the App's security architecture, data protection measures, and our security practices.
2. Architecture & Runtime Environment
The App runs entirely within Atlassian's Forge runtime:
- No developer-operated servers: There is no external backend, database, or infrastructure operated by us. All compute and storage are provided by Atlassian.
- Sandboxed execution: Forge functions execute in isolated, sandboxed containers with restricted system access managed by Atlassian.
- No external network egress: The App does not make outbound requests to any server outside the Atlassian platform. Forge enforces this at the platform level: an app can only fetch hosts it declares under permissions.external in its manifest, and the App declares none. There are no external API keys, third-party services, or developer-controlled endpoints involved.
- Rovo AI: The AI scoring feature is powered entirely by Atlassian's Rovo platform. Issue content passed to the Rovo agent stays within Atlassian's infrastructure and is governed by Atlassian Intelligence data handling terms.
3. Access Control
| Control | Details |
|---|---|
| User-context actions | Score values written to Jira custom fields as a direct result of user input use api.asUser(), inheriting the user's existing Jira permissions. |
| App-context actions | All other Jira API calls (reading issues, health checks, field discovery) as well as Rovo AI agent actions use api.asApp() with app-level scopes declared in the manifest. |
| Minimal API scopes | The App requests only the scopes required for its features: storage:app, read:jira-work, write:jira-work, and Rovo-specific scopes. No admin-level Jira permissions are requested. |
| Rovo AI apply-mode control | Administrators can restrict the Rovo AI agent to "suggest only" or "confirm before apply" mode, preventing the agent from autonomously writing scores without user approval. |
| Developer access | None. We cannot read, access, or export any data stored in your Jira instance or Forge storage. All data resides within Atlassian's infrastructure. |
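The access model in the table above is expressed in the Forge manifest. The fragment below is an added illustration, not the App's own manifest: the function key, handler name and app id are placeholders, and the Rovo-specific scope names are deliberately left out since they are not listed on this page. What it shows is where the scopes live and, more importantly, what is absent: a permissions.external block.

```yaml
# Illustrative manifest.yml for a Forge app with the access model described above.
# Placeholders: the function key, the handler path and the app id.
modules:
  function:
    - key: score-resolver          # placeholder key
      handler: index.handler       # placeholder handler
permissions:
  scopes:
    - storage:app        # Forge KVS, partitioned per app and per installation
    - read:jira-work     # issue reads, field discovery, health checks (api.asApp())
    - write:jira-work    # score writes, performed via api.asUser() so the caller's
                         # Jira permissions, not the app's, decide whether they succeed
    # Rovo-specific scopes are declared here too; their names are omitted in this example.
  # No `external` block. Forge rejects any fetch to a host not listed under
  # permissions.external, so leaving it out is what makes "no egress" enforceable
  # by the platform rather than a promise in a policy document. Declaring, for example,
  #   external:
  #     fetch:
  #       backend:
  #         - 'api.example.com'
  # would grant egress to that host and end Runs on Atlassian eligibility.
app:
  id: ari:cloud:ecosystem::app/00000000-0000-0000-0000-000000000000   # placeholder
```

When reviewing an app that makes these claims, the two things to check in its manifest are that permissions.external is absent and that every scope is one the declared features actually need; a write scope paired with api.asApp() on a user-triggered path would bypass the per-user permission check the table above describes.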
4. Data Protection
Data in transit:
- All Forge-to-Jira API calls use Atlassian's internal secured transport (TLS).
- The App makes no outbound HTTPS calls to external services.
Data at rest:
- Score dimensions, computed scores, framework configuration, and settings are stored in Atlassian Forge Storage (KVS), hosted by Atlassian and partitioned per app and per installation, so the data is tied to your site and is not readable by other apps.
- No credentials, tokens, or secrets are stored by the App — there are none to store.
- Issue descriptions and free-text content are never stored by the App.
Data minimization:
- The App stores only numeric values (scores, dimension inputs, weights) and Jira issue keys — no personal data, no issue content, no free-text.
- The Rovo AI activity log is capped at 50 entries (issue keys, scores, timestamps only) and older entries are overwritten automatically.
- The backlog health cache stores only aggregated project-level metrics and expires after one hour.
5. No External Credentials or Integrations
Unlike apps that connect to external services, Priority Scoring does not require or accept any API keys, tokens, passwords, or third-party credentials. There is no configuration that could expose user secrets, and there are no external integrations beyond the Atlassian platform itself.
6. Dependency Management
- The App's runtime dependencies are limited to Atlassian's official Forge packages (@forge/api, @forge/resolver, @forge/react), maintained and patched by Atlassian.
- Before each Marketplace submission, we run npm audit and resolve identified vulnerabilities, including those in dev-only dependencies.
- Build and development tooling dependencies are not included in the production runtime bundle.
7. Vulnerability Management
- We monitor the App for security issues and subscribe to Atlassian Forge platform security advisories.
- Security patches are deployed promptly via Forge's deployment mechanism; the Forge runtime (Node.js environment) is maintained and patched by Atlassian.
- Reported vulnerabilities are triaged and remediated based on severity, with critical issues addressed as the highest priority.
- We run npm audit before every Marketplace release and document any residual dev-only findings in our submission notes.
8. Incident Response
If a security issue is discovered in the App:
- We will investigate and begin remediation promptly upon notification or discovery.
- A fix will be deployed as a priority update via the Forge deployment pipeline.
- Affected customers will be notified via the Atlassian Marketplace listing and, where contact information is available, directly.
- For vulnerabilities with potential data impact, we will assess scope and provide clear communication about what was affected and what action (if any) is required from customers.
To report a security vulnerability, please contact support@janekbehrens.de with the subject line "Security Report — Priority Scoring". We aim to acknowledge reports within 2 business days.
9. Organizational Security Controls
- Access to production: App deployments are performed exclusively by the App maintainer (Janek Behrens) via the authenticated Forge CLI. No other parties have deployment access.
- Source code: The App's source code is maintained in a private repository with access limited to the maintainer.
- Forge app credentials: The Forge app identity (app ID) is managed via Atlassian's Forge platform. There are no shared secrets or passwords for app operation.
- No sub-processors: We do not engage sub-processors. All processing occurs within the Atlassian platform.
10. Compliance
- GDPR: The App does not collect or store personal data. Transient user display names from Jira API responses are used only for in-session display and are not stored. See our Privacy Policy for full details.
- Atlassian Security Requirements: The App is built to comply with Atlassian Forge security requirements and participates in the Atlassian Marketplace security review process.
- Runs on Atlassian: The App operates under Atlassian's "Runs on Atlassian" trust boundary, meaning Atlassian's own infrastructure, security controls, and compliance certifications (SOC 2, ISO 27001, etc.) apply to the underlying platform.
11. What We Cannot Access
For complete transparency, we have no technical means to access:
- Any data stored in your Jira instance (issues, comments, attachments, user data)
- Score data stored in Forge Storage within your instance
- Your Atlassian account credentials or session tokens
- The content of any Rovo AI interactions
- Any personal data of your team members
12. Contact
For security questions or to report a vulnerability:
Email: support@janekbehrens.de
Subject: Security Report — Priority Scoring