/
Policy

Policy

1. Data Security

All data submitted through Smart JSON Renderer for Jira is securely processed within the Atlassian ecosystem.

  • No data is stored, transmitted, or processed outside of Jira Issue Panels or Dashboard Gadgets, or Atlassian infrastructure.

  • The app does not send data to any external servers.

  • The app does not collect, store, or process personally identifiable information (PII), unless explicitly included by the user within the provided JSON content.

  • Data handling strictly follows Atlassian’s security and hosting standards.

2. Application Scope & Content Handling

Smart JSON Renderer for Jira enables users to render JSON data in a structured, readable format within Issue Panels and Dashboard Gadgets.

To ensure security and platform integrity:

  • Only valid JSON content should be provided.

  • The app does not execute scripts, JavaScript, or embedded code.

  • JSON content is treated strictly as data and rendered safely.

  • Any HTML or script content within JSON is not executed.

  • Rendering complies with Atlassian’s Content Security Policy (CSP) and browser security models.

  • Malformed, invalid, or malicious JSON may result in rendering failure.

3. Authentication & Permissions

  • The app operates strictly under the permissions of the currently authenticated Jira user.

  • It fully respects Atlassian’s permission model.

  • The app does not access, modify, or expose data beyond what the user is authorized to view or edit.

  • No background data access or privilege escalation is performed.

4. Access Control

  • Only users with appropriate view permissions can see rendered JSON data.

  • Only users with edit permissions can configure or modify JSON content.

  • Configuration options are available only in edit mode.

  • Users with view-only access cannot modify or delete configurations.

5. Security Best Practices

To maintain a secure experience:

  • Use only trusted and verified JSON content.

  • Avoid pasting JSON from unknown or untrusted sources.

  • Ensure JSON complies with your organization’s internal security policies.

  • Avoid including sensitive or confidential information unless necessary and authorized.

6. Vulnerability Reporting

We support responsible disclosure of security issues.

If you discover a potential vulnerability, please report it to:
📧 developer@alvanium.com