Security Policy
1. Overview
TeamOps is a Forge-native Jira application for onboarding, offboarding, and leave management that runs entirely on Atlassian's infrastructure. It carries the "Runs on Atlassian" trust badge, meaning there are no external servers, no third-party hosting, and no data leaving Atlassian's platform.
Key facts:
- Zero external servers or databases
- Zero external network calls or data egress
- PPLX Software has no access to your data
- All data stays on Atlassian's infrastructure, in your data residency region
2. Data Storage & Residency
All TeamOps data is stored in the Forge Custom Entity Store, a managed storage service provided by Atlassian as part of the Forge platform.
- Data Residency: Data follows your Atlassian tenant's configured data residency region. If your site is pinned to a specific region (EU, US, AU, etc.), all TeamOps data resides in that same region.
- Encryption at Rest: All data is encrypted at rest using AES-256 encryption, managed by Atlassian's infrastructure.
- Encryption in Transit: All communication within the Forge platform uses TLS 1.2 or higher.
- No External Storage: TeamOps does not store data in any external database, cloud service, browser local storage, or cookies.
3. Access Controls
PPLX Software Has No Access to Customer Data
The Forge platform runs app code inside an isolated sandbox. PPLX Software, as the app publisher, cannot access, view, or retrieve any data stored by TeamOps on your Atlassian site. There is no admin backdoor, no remote access, and no telemetry that transmits customer data.
Role-Based Access Within Your Organization
TeamOps enforces role-based access control (RBAC) with three roles, checked on every server-side API call:
| Role | Assignment | Data Access |
|---|---|---|
| HR Admin | Jira group membership | Full access to all employee data, configuration, data export, and erasure |
| Manager | Jira group membership | Team members' leave requests, onboarding, and offboarding progress only |
| Employee | Default for all authenticated users | Own leave requests, onboarding, and offboarding tasks only |
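The role resolution and per-call authorization described by the table above, as an added JavaScript example that is not TeamOps' own code: the Jira group names, the manager-to-team map, and the account IDs are assumptions made for the example.

```javascript
// Added example (not TeamOps' own code): three-role RBAC modelled on the
// table above, evaluated on the server for every call rather than in the UI.
// Assumed (hypothetical) Jira group names that grant the elevated roles.
const HR_ADMIN_GROUP = "teamops-hr-admins";
const MANAGER_GROUP = "teamops-managers";

const ROLES = { HR_ADMIN: "HR Admin", MANAGER: "Manager", EMPLOYEE: "Employee" };

// Actions the table reserves for HR Admins.
const HR_ADMIN_ONLY = new Set(["exportData", "eraseEmployee", "updateConfig"]);

// Map the caller's Jira group list to exactly one role. Employee is the
// default for every authenticated user; HR Admin takes precedence.
function resolveRole(groupNames) {
  if (groupNames.includes(HR_ADMIN_GROUP)) return ROLES.HR_ADMIN;
  if (groupNames.includes(MANAGER_GROUP)) return ROLES.MANAGER;
  return ROLES.EMPLOYEE;
}

// Can `caller` read a record owned by `ownerId`? `teams` maps a manager's
// account ID to the account IDs of the people they manage (assumed shape).
function canViewRecord(caller, ownerId, teams) {
  switch (caller.role) {
    case ROLES.HR_ADMIN:
      return true;
    case ROLES.MANAGER:
      return caller.accountId === ownerId ||
        (teams[caller.accountId] || []).includes(ownerId);
    default:
      return caller.accountId === ownerId; // Employee: own records only
  }
}

// Privileged actions (export, erasure, configuration) need the HR Admin role.
function isActionAllowed(role, action) {
  return !HR_ADMIN_ONLY.has(action) || role === ROLES.HR_ADMIN;
}

// Server-side listing: the filter is applied to every request, so a caller
// never receives records outside their role's scope.
function listLeaveRequests(caller, requests, teams) {
  return requests.filter((r) => canViewRecord(caller, r.ownerId, teams));
}

// Constructed sample data; every account ID below is a placeholder.
const TEAMS = { "mgr-1": ["emp-1", "emp-2"] };
const REQUESTS = [
  { id: 1, ownerId: "emp-1", type: "annual" },
  { id: 2, ownerId: "emp-3", type: "sick" },
  { id: 3, ownerId: "mgr-1", type: "annual" },
];
```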
Authentication
TeamOps relies entirely on Atlassian OAuth 2.0 for authentication. The app does not collect credentials, manage sessions, or implement its own login flow. Users are authenticated by Atlassian before any app code executes.
4. Platform Security
TeamOps runs on Atlassian's Forge platform, which provides enterprise-grade security infrastructure:
| Certification / Standard | Holder | Coverage |
|---|---|---|
| SOC 2 Type II | Atlassian | Infrastructure, compute environment, and data storage used by Forge apps |
| ISO 27001 | Atlassian | Information security management across Atlassian's platform |
| AES-256 Encryption | Atlassian | All data at rest in the Forge Custom Entity Store |
| TLS 1.2+ | Atlassian | All data in transit within the Forge platform |
PPLX Software does not hold independent SOC 2 or ISO 27001 certification. Because TeamOps is Forge-native with no external infrastructure, Atlassian's platform certifications cover the entire runtime and storage environment that the app uses.
For details on Atlassian's security posture, see the Atlassian Trust Center.
5. Data Processing
What Data Is Collected
TeamOps collects only the data necessary for leave management, employee onboarding, and offboarding:
- Employee names and email addresses (from Atlassian user profiles)
- Leave dates, leave types, and approval status
- Onboarding and offboarding task assignments and completion progress
- Role assignments for access control
How Data Is Used
- Data is used exclusively for leave management, onboarding, and offboarding workflows within Jira.
- No data is shared with third parties, analytics services, or advertising networks.
- No data is used for profiling, automated decision-making, or purposes beyond the app's stated functionality.
GDPR Compliance
TeamOps includes built-in GDPR features: data export (right of access / portability) and data erasure (right to be forgotten), both available to HR Admins directly within the app.
For full details, see our Privacy Policy.
6. Incident Response
PPLX Software follows a structured incident response process:
- Detection & Triage — Potential security issues are assessed for severity and scope within 24 hours of identification.
- Containment — For critical vulnerabilities, a patched version is submitted to the Atlassian Marketplace as an expedited update.
- Notification — Affected customers are notified through the Marketplace listing and direct communication for critical issues.
- Remediation — Root cause analysis is performed and preventive measures are implemented.
- Disclosure — Material security issues are disclosed responsibly with appropriate timelines.
7. Vulnerability Reporting
If you discover a security vulnerability in TeamOps, please report it to us so we can address it promptly.
Contact: support@pplxsoftware.com
Please include a description of the vulnerability, steps to reproduce, and any relevant screenshots or logs. We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.
8. App Architecture
TeamOps is built on Atlassian Forge, a serverless app platform where all code runs inside Atlassian's infrastructure. This architecture provides inherent security advantages over traditional Atlassian Connect apps:
| Property | TeamOps (Forge) | Connect Apps (Traditional) |
|---|---|---|
| Code execution | Atlassian's servers | Publisher's external servers |
| Data storage | Atlassian's infrastructure | Publisher's external databases |
| Network calls | None (zero external fetch) | Typically many external calls |
| Data egress | None | Data may leave Atlassian |
| Publisher data access | None (sandbox isolation) | Full access to hosted data |
Additional Security Measures
- No Hardcoded Secrets: All sensitive configuration is managed through Forge encrypted environment variables.
- No PII in Logs: Application logs reference only entity IDs and account IDs, never names or email addresses.
- Dependency Scanning: All dependencies are scanned with `npm audit` and validated with `forge lint` before every deployment.
- Least Privilege: The app requests only the 7 Atlassian API scopes necessary for its functionality, each with a documented justification.
- No Cookies or Tracking: TeamOps sets no cookies, uses no analytics scripts, and performs no user tracking.
Questions?
For security-related questions or concerns, contact us at support@pplxsoftware.com.
For information about Atlassian's platform security, visit the Atlassian Trust Center.