Policy

1. Data Security

All data submitted through Dynamic Variables for Confluence (such as variable keys and values) is securely handled within the Atlassian ecosystem.

No data is stored or transmitted outside Confluence or the Atlassian infrastructure.

The app does not collect, process, or transmit any personally identifiable information (PII) unless explicitly included by the user within the variable content.

2. Content Restrictions

This app enables users to create and manage Dynamic Variables within Confluence.

To ensure platform security:

• Only valid variable keys and values should be provided.

• No scripts, executable code, or dynamic code injection is supported.

• Variable input is processed strictly for data substitution and rendering purposes.

• Rendering is governed by the browser’s security model and Atlassian’s Content Security Policy (CSP).

• Malicious or invalid input may result in incorrect or failed rendering.

3. Authentication & Permissions

The app operates within the context of the currently authenticated Confluence user.

It fully respects Atlassian’s permission model and does not access, modify, or expose any data beyond what the user is authorized to view or manage.

4. Access Control

Only users with appropriate permissions can view or manage variables.

• Personal variables are accessible and manageable only by the respective user.

• Global variables are visible to all users, but only the owner can edit or delete them.

• Unauthorized users cannot modify or delete variables.

5. Security Best Practices

To ensure a secure experience while using the app:

• Provide only trusted and validated variable data.

• Avoid using misleading or sensitive information in variable values.

• Ensure content complies with your organization’s security policies.

• Periodically review variables for accuracy and relevance.

6. Vulnerability Reporting

We encourage responsible disclosure of any security vulnerabilities. Please report any concerns to: 📧 developer@alvanium.com