Marketplace Privacy & Security Statement
Effective date: 13 May 2026
Last updated: 13 May 2026
This statement describes the privacy and security posture of the Wheel of Fortune for Jira app for Atlassian Marketplace reviewers and prospective customers. It is published alongside our Privacy Policy, Data Retention and Deletion, and Partner Security Policy.
1. App overview
| App name | Wheel of Fortune for Jira |
| Hosting model | Atlassian Forge (Cloud-only) |
| Atlassian product | Jira Cloud |
| Module type | jira:globalPage (Custom UI) |
| Runtime | Forge nodejs22.x |
| External services | None |
| Sub-processors | None |
| Pricing | Free |
2. Forge hosting
The App is built on the Atlassian Forge platform. This means:
- All backend code runs inside Atlassian-managed serverless functions.
- All persistent data is stored in Forge App Storage, scoped to the installing customer’s Jira instance.
- Authentication and authorization use Forge’s built-in OAuth 2.0 flow; the App never sees or handles user passwords or API tokens.
- The App does not open inbound network ports and does not host any infrastructure of its own.
Atlassian’s Forge platform is independently audited under SOC 2 and is covered by Atlassian’s Trust Center. Because the App runs entirely on Forge, those platform-level controls extend to the App.
3. Permissions and scopes
The App requests the following Forge / Atlassian Connect scopes:
| Scope | Reason |
|---|---|
| read:jira-user | Read the Jira user directory to populate the participant picker |
| read:user:jira | Read minimal Atlassian user profile fields shown in the picker |
| storage:app | Persist the lineup configuration in Forge App Storage |
The App requests no write scopes for Jira issues, projects, or workflows. The App cannot create, modify, or delete any Jira content.
The App also declares the following content-security settings in its manifest.yml:
- content.styles: unsafe-inline: required because the Custom UI bundle includes inline styles emitted by the bundler. No inline scripts are used.
- external.images: restricts permitted image hosts to Atlassian’s own avatar/gravatar endpoints. The App makes no outbound HTTP requests to third-party servers.
4. Data flow
```text
Browser (Forge Custom UI)
    |
    | (signed, in-platform RPC)
    v
Forge resolver (Atlassian-hosted Node.js function)
    |
    +--> Forge App Storage (read/write lineup config)
    |
    +--> Jira REST API /rest/api/3/users/search
         (asUser() — request is authenticated as the
          currently signed-in Jira user)
```
No data leaves Atlassian’s infrastructure at any step. There are no outbound calls from the resolver to any Partner-controlled or third-party endpoint.
5. Data handling summary
| Category | Collected? | Stored? | Shared? |
|---|---|---|---|
| Jira account IDs and display names | Yes (read-only) | Account IDs only, inside Forge App Storage for saved lineups | No |
| Email addresses (when visible via Jira) | Read for picker display | No | No |
| Avatars (URLs only) | Yes | No (re-fetched on render) | No |
| Free-text custom objects | Yes | Yes, in Forge App Storage | No |
| Selection history | Yes | Yes, in Forge App Storage | No |
| Jira issue / project content | No | No | No |
| Payment information | No | No | No |
| Cookies, IPs, device identifiers | No | No | No |
See the Privacy Policy for full definitions.
6. Authentication and authorization
- The App invokes the Jira REST API using api.asUser(): every call is performed in the security context of the signed-in Jira user. This means the App can never read users or data the caller is not already authorized to see.
- The App does not hold its own API tokens or service accounts.
- The App does not implement any custom login mechanism.
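As an added illustration of the flow in sections 4 to 6 (example code, not the app's own source): the directory lookup runs as the signed-in user, only the fields the picker renders are returned, and a saved lineup keeps account IDs only. It assumes injected `storage` and `jira` clients standing in for `@forge/api`'s `storage` and `api.asUser()`, a hypothetical storage key, and constructed sample users.

```javascript
// Added illustration of sections 4 to 6, not the app's own source. In a real Forge
// resolver `storage` comes from '@forge/api' and `jira` is `api.asUser()` (path wrapped
// in the `route` tag); both are injected here so this runs offline, with constructed fakes.
const LINEUP_KEY = "lineup"; // assumed storage key

// Only the fields the picker renders are returned; emailAddress is dropped on purpose.
function pickerFields(user) {
  const avatars = user.avatarUrls || {};
  return { accountId: user.accountId, displayName: user.displayName, avatarUrl: avatars["48x48"] };
}

// Directory lookup performed as the signed-in user, so the result set is bounded
// by what Jira already lets that caller see.
async function searchParticipants(jira, query) {
  const res = await jira.requestJira(`/rest/api/3/users/search?query=${encodeURIComponent(query)}`);
  if (!res.ok) throw new Error(`users/search failed with HTTP ${res.status}`);
  return (await res.json()).map(pickerFields);
}

// Data minimisation: a saved lineup keeps Jira account IDs only (deduplicated).
function minimizeLineup(participants) {
  const ids = participants.map((p) => p && p.accountId)
    .filter((id) => typeof id === "string" && id.length > 0);
  return { accountIds: [...new Set(ids)] };
}

async function saveLineup(storage, participants) {
  const lineup = minimizeLineup(participants);
  await storage.set(LINEUP_KEY, lineup);
  return lineup;
}
// Constructed fakes standing in for Forge App Storage and the Jira REST API.
function makeFakeStorage() {
  const kv = new Map();
  return { get: async (k) => kv.get(k), set: async (k, v) => { kv.set(k, v); } };
}
function makeFakeJira(visibleUsers) {
  return { requestJira: async (path) => {
    const q = (new URL(path, "https://jira.example.invalid").searchParams.get("query") || "").toLowerCase();
    const hits = visibleUsers.filter((u) => u.displayName.toLowerCase().includes(q));
    return { ok: true, status: 200, json: async () => hits };
  } };
}
const SAMPLE_USERS = [ // constructed sample directory, not real Atlassian accounts
  { accountId: "aid-0001", displayName: "Ada Example", emailAddress: "ada@example.invalid",
    avatarUrls: { "48x48": "https://avatar.example.invalid/ada.png" } },
  { accountId: "aid-0002", displayName: "Bob Example", emailAddress: "bob@example.invalid",
    avatarUrls: { "48x48": "https://avatar.example.invalid/bob.png" } },
];
```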
7. Encryption
- In transit: All traffic between the browser, the Forge resolver, the Jira API, and Forge App Storage is encrypted using TLS provided by the Atlassian Cloud platform.
- At rest: Forge App Storage encrypts data at rest as part of Atlassian’s platform controls.
- The Partner does not manage or hold any encryption keys, because the Partner does not operate any data store of its own.
8. Vulnerability management
- Source code is maintained in a private repository with branch protections.
- Dependencies are audited at build time with npm audit --audit-level=high for both the resolver and the frontend bundle.
- Forge runtime upgrades (Node.js version, Forge SDK) are tracked and applied as Atlassian releases them.
- The App ships no native binaries, dynamic loaders, or remote-code execution paths.
9. Incident handling
The App stores no data outside Atlassian’s infrastructure, so a “breach” in the Partner’s environment cannot expose customer data. In the event of a platform-level issue affecting Forge or Jira, customers are notified through Atlassian’s Status and Trust channels.
If a vulnerability is discovered in the App itself, we will:
- Triage on a best-effort basis from receipt at support@florenco.tech.
- Coordinate disclosure with Atlassian where required by the Marketplace Partner agreement.
- Publish a fix via a new Marketplace release.
The App is a free Marketplace listing and we do not commit to a paid support SLA. We aim to acknowledge security reports within five business days.
10. Compliance posture
- The App inherits Atlassian’s Cloud platform certifications (SOC 2, ISO 27001, GDPR, etc.) for all hosting, storage, and authentication layers.
- The Partner does not hold additional certifications of its own; no such certification is required because no customer data is ever stored or processed outside Atlassian’s infrastructure.
- The App is suitable for use by customers subject to GDPR, UK GDPR, and CCPA, provided their use of Jira itself is compliant.
11. Contact
For Marketplace, privacy, or security inquiries: support@florenco.tech.