/
Policy

Policy

1. Data Security

All data submitted through the Mural for Confluence app (such as diagram name, Mural URL, height, and width) is securely stored within the Atlassian ecosystem .

No data is stored or transmitted outside Confluence or the Atlassian infrastructure.

The app does not collect or transmit any personally identifiable information (PII) unless explicitly included by the user within the provided Mural URL or diagram configuration.

2. Content Restrictions

This app enables users to embed Mural diagrams using Mural URLs.

To protect users and maintain platform security:

  • The app only renders content provided via valid and trusted Mural URLs.

  • No custom scripts, JavaScript execution, or dynamic code injection is supported.

  • Rendering is governed by the browser’s security model and Atlassian’s Content Security Policy (CSP).

  • Only authorized and publicly accessible Mural diagrams should be embedded.

Embedding untrusted or unauthorized URLs may result in inaccessible or unsafe content.

3. Authentication & Permissions

The app runs in the context of the currently authenticated Confluence user.

It fully respects Atlassian’s permission model and does not access, modify, or expose any data beyond what the user is explicitly authorized to view or configure.

4. Access Control

Only Confluence users with appropriate page view and edit permissions can view or configure embedded Mural diagrams.

  • The configuration interface is available only in edit mode.

  • Unauthorized users cannot modify or delete diagram configurations.

  • Users with view-only access can see the rendered diagram but cannot change its settings.

5. Security Best Practices

To maintain a secure experience while using the Mural Diagram Embedder:

  • Embed only trusted and authorized Mural URLs.

  • Avoid using links from unknown or third-party sources.

  • Ensure the embedded diagram complies with your organization’s security and access policies.

  • Periodically review embedded diagrams to ensure continued relevance and safety.

6. Vulnerability Reporting

We welcome responsible disclosure of any potential security vulnerabilities.

Please report any concerns to:
📧 developer@code4me.in