Security Policy
Automated Story Point Estimation App
1. Introduction
This security policy outlines the measures taken to ensure the security and privacy of users utilizing our Automated Story Point Estimation App for Atlassian Jira. The app automates the estimation of story points by analyzing similar stories within the same Jira project. It is crucial to maintain the integrity, confidentiality, and availability of user data and ensure compliance with relevant regulations and standards.
2. Data Privacy and Storage
- No Data Storage: The app does not store any user data. All operations, including searching, calculating, and generating the final estimated story points, are performed in real time.
- Data Processing: Data is temporarily processed to perform calculations and generate the final story point value. Once the process is completed, no user data is retained.
- Data Access: Only authorized users can access the app’s functionality, ensuring that data processed is relevant and limited to the user’s current Jira project.
3. Data Transmission
- Encryption: All data transmitted between the app and Atlassian Jira is encrypted using industry-standard encryption protocols (e.g., TLS 1.2 or higher) to protect against interception and unauthorized access.
- API Security: Secure APIs are used for communication with Jira, utilizing OAuth 2.0 for authentication and authorization to ensure secure data exchange.
4. Access Control
- Authentication: Users must authenticate via Atlassian Jira’s authentication mechanisms. The app does not handle or store user credentials.
- Authorization: The app uses Jira’s permission schemes to ensure users have the appropriate access rights to perform operations within their projects.
5. Application Security
- Secure Coding Practices: The app is developed following secure coding practices to mitigate common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Regular Updates: The app is regularly updated to address security vulnerabilities and ensure compliance with the latest security standards.
6. Monitoring and Logging
- Activity Logging: All activities performed by the app are logged for auditing purposes. Logs include search queries, calculation processes, and generated comments, without storing any sensitive data.
- Anomaly Detection: Monitoring mechanisms are in place to detect and respond to unusual activities or potential security threats in real time.
7. Incident Response
- Incident Management: A defined incident response plan is in place to address security incidents promptly. This includes identifying, assessing, and mitigating incidents, as well as notifying affected users and relevant authorities if necessary.
- User Notification: Users will be promptly informed of any security breaches that may affect their data or the app’s functionality.
8. Compliance and Review
- Regulatory Compliance: The app complies with relevant regulations and standards, including GDPR, CCPA, and other data protection laws.
- Regular Review: This security policy is reviewed regularly and updated as necessary to ensure ongoing compliance with security best practices and regulatory requirements.
9. User Responsibilities
- Secure Usage: Users are responsible for maintaining the security of their Jira accounts and should follow best practices for password management and account security.
- Reporting Issues: Users should promptly report any security concerns or potential vulnerabilities to the app’s support team for immediate investigation and resolution.
10. Contact Information
This security policy ensures that the Automated Story Point Estimation App for Atlassian Jira maintains high standards of security and privacy, protecting users' data and ensuring the app's integrity and reliability.