Security Policy

Last updated: July 6, 2026

1. Overview

Team Capacity for Jira ("the App") is built on the Atlassian Forge platform and operates entirely within Atlassian's infrastructure under the Runs on Atlassian trust boundary. The App is read-only, makes no outbound network calls to any external server, and stores no credentials of any kind. This document describes the App's security architecture and our practices.

2. Architecture & Runtime Environment

3. Access Control

ControlDetails
Read-only by design The App requests no write scopes. It cannot create, edit, transition, or delete any Jira issue, sprint, board, or field.
Minimal API scopes read:jira-work (sprint issues via JQL), read:project:jira (permission gate), read:board-scope:jira-software and read:board-scope.admin:jira-software (boards and their estimation configuration — read-only), read:sprint:jira-software (sprints), storage:app (non-personal caches). No admin or write permissions are requested.
Per-viewer permission enforcement Data reads run with app-level access, but every request from a viewer is checked against that user's own Jira project permissions (Browse Projects) via Atlassian's Authorize API before any data is returned — fail-closed: if the check cannot complete, no data is served. Board pickers are filtered the same way.
Input validation Board and sprint IDs from the browser are accepted only as positive integers, and sprint IDs are resolved against the board's own sprint list before any query is built — no client value ever reaches a query string.
License enforcement Paid ("Pro") features are enforced server-side; if the license state is missing or unknown the App fails closed to the free tier.
Developer access None. We cannot read, access, or export any data stored in your Jira instance or Forge storage. All data resides within Atlassian's infrastructure.

4. Data Protection

Data in transit:

Data at rest:

Data minimization:

5. No External Credentials or Integrations

The App does not require or accept any API keys, tokens, passwords, or third-party credentials. There is no configuration that could expose user secrets, and there are no integrations beyond the Atlassian platform itself. The gadget's user interface is a Forge Custom UI served from the App's own static resources; it declares inline styles only for its own chart and loads no third-party scripts, fonts, frames or images.

6. Dependency & Vulnerability Management

7. Incident Response

If a security issue is discovered in the App:

To report a security vulnerability, contact support@janekbehrens.de with the subject line "Security Report — Team Capacity". We aim to acknowledge reports within 2 business days.

8. Organizational Security Controls

9. Compliance

10. What We Cannot Access

For complete transparency, we have no technical means to access:

11. Contact

For security questions or to report a vulnerability:
Email: support@janekbehrens.de
Subject: Security Report — Team Capacity