Security in our Products
We are committed to the security of your data and how it is stored.
Jira Cloud, Server & DC: Storing your data safely
All of your Jira issue / project / user data is kept in your Jira Cloud instance. At Easy Agile, Server and DC customer data is not stored by our add-on servers and very limited, anonymised data is stored for our Cloud customers. All Easy Agile transactions take place on the Atlassian Marketplace. Our add-ons are simple, static javascript applications which run in your browser. They retrieve the data they require directly from your Atlassian Cloud instance.
Our Jira Cloud versions require the following Atlassian Connect Permissions (Scopes): Read, Write, Delete and Project Administration. Project Administration is needed for the creation and updating of Versions.
As our products are delivered as a static, client-side add-on, the requests to read, create or update Jira data are made by the account of the person using the add-on. When you install the add-on you will see a new user added automatically to the Jira Software projects (e.g. Easy Agile User Story Maps for Jira (addon_com.kretar.Jira.plugin.user-story-map)) under the role 'atlassian-addons-project-access'.
At Easy Agile, we follow Atlassians stringent guidelines for security, including:
- App Security Incident Management Guidelines for Atlassian Marketplace Vendors
- Atlassian Cloud Security Program
- Atlassian Cloud App Operations Guide
- Security Guidelines and Best Practices for Atlassian Marketplace Vendors
Infrastructure Access
Build, test, and deployment automation means Easy Agile team members do not require or have access to production infrastructure.
Infrastructure is in code (Amazon Web Services CloudFormation Templates) enabling us to test changes in test and staging environments before rolling those changes to production environments.
We leverage a Cloud identity provider, a Cloud access management platform, and enforce a strict password policy for team members. All privileged level infrastructure and service provider access require hardware 2FA tokens.