Security
Security and privacy are built into the fabric of our app, infrastructure, processes and services, so you can rest assured that your data is always protected. Your data never leaves your site.
ISO 27001
Appfire received its certification for ISO 27001 and ISO 27017 with zero findings
Read more
GDPR
JXL is compliant with EU regulation 2016/679 and all other applicable data protection laws
Runs on Atlassian
JXL for Jira Cloud is hosted on and stores data within the Atlassian platform
Read moreAtlassian Ecoscanner
JXL is scanned by the Ecoscanner Platform (Cloud, Data Center) and Security Scanner (Data Center)
Read moreYour data never leaves your site
We don't access and store any customer data externally, all data is stored in your Jira site
Data residency
JXL APIs and gateway services are hosted in the same region your Jira site is pinned to
Read morePrinciple of least privilege
JXL only requests access scopes actually required to perform its functionality, nothing more
Vulnerability management
We apply accelerated resolution timeframes in the event of necessary security bugfixes
Read more
Bug bounty program
Over 100 security researchers scan JXL regularly for vulnerabilities
JXL is a Jira app that enables users to view and edit their Jira data via the apps's user interface, i.e. data to which they have read and/or write access in Jira. Running in the users' browsers, JXL utilises Jira REST APIs based on users' input.
The Jira API respects the signed-in user's as well as the app's permissions. No Jira data is ever loaded, created, updated, deleted, or otherwise manipulated in a way that has not been initiated by the user, or does not respect the permission model of the Jira site.
JXL stores its sheets data, along with various user-level information (e.g. the most recently visited sheets), exclusively inside customers' Jira sites. This means that all customer data is stored by Jira, and therefore subject to all security measures and data residency management Atlassian provides (JXL for Jira Cloud), or the customer operates (JXL for Jira Data Center).
JXL for Jira Cloud has been awarded the Runs on Atlassian badge by Atlassian, which is reserved for a special category of apps in the Atlassian Marketplace that are built on the Atlassian Forge application development framework. These apps offer customers peace of mind, as they are hosted on and store data within Atlassian's platform and are data residency compliant. All data is protected and benefits from the robust privacy, security, and compliance standards of Atlassian's infrastructure.
All data transfer between the user's browser and the user's Jira site happens securely via HTTPS protocol.
With all customer data being stored within Atlassian's platform (JXL for Jira Cloud) or customers Jira sites (JXL for Jira Data Center), JXL utilises Atlassian's backup and data recovery features, or equivalent capabilities that the customer operates.
As all data are exchanged directly between customers' Jira sites and users' browsers, no Appfire employee, regardless of their role, has access to customer data at rest. Application logs are anonymised and don't contain any references to customer data.
We commit to the accelerated resolution timeframes of Atlassian's security bugfix policy and to our Service level agreement.
