Policy
1. Data Security
All data processed by the Metrics+ Gadget Suite (e.g., issue counts, SLA metrics, assignee workload, organizational analytics) is securely handled using Atlassian Forge APIs.
No data is stored or transmitted outside the Atlassian ecosystem.
The app does not collect, store, or transmit personal data beyond what is already available within Jira.
2. Data Handling & Processing
The gadgets only read reporting data from Jira (issues, SLA fields, organization, customer feedback, etc.) and do not modify or write any issue content.
No external databases, third-party services, or external APIs are used for data storage or processing.
The app does not transmit or export data outside the user’s Jira instance.
3. Authentication & Permissions
All data is accessed based on the permissions of the currently logged-in Jira user.
The gadget suite adheres to Atlassian’s permission model and only retrieves data users are already authorized to see.
The app does not bypass Jira permissions or expose information to unauthorized users.
4. Access Control
Only users with proper Jira permissions (Browse Project, View Issues, etc.) can view gadget data.
Configuration options (e.g., project selection, date range) are only accessible in edit mode.
All content rendered is read-only and cannot modify Jira data or configuration.
5. Content Restrictions
The gadgets render visual components such as charts and tables only.
No user-provided scripts, HTML, or executable code are accepted or executed within the gadget.
The runtime environment enforces Forge and Atlassian Content Security Policies to block unauthorized scripting and prevent XSS.
6. Security Best Practices
All API calls follow secure, scoped Forge permissions.
Only HTTPS endpoints are used.
No external script injection is allowed.
The app does not store credentials or sensitive metadata.
All static assets are served securely through the Atlassian platform.
Vulnerability Reporting
We support responsible disclosure and welcome security feedback.
If you discover any vulnerability or security concern, please contact us at: