Security & Privacy Policy for Noise21
1. Security by Design & Infrastructure
Noise21 is built entirely on Atlassian Forge, Atlassian's strictly isolated serverless app platform.
- No External Servers: We do not host, process, or store your data on external servers. All computing and storage occur strictly within the Atlassian cloud boundary.
- Data Residency: Noise21 stores End-User Data exclusively within Atlassian apps and services using the native Forge Storage API. Data residency is fully determined by your Atlassian tenant's location settings.
- No Remote APIs: Noise21 does not expose any remote REST APIs for integration with other tools. The app is completely self-contained within your Jira instance.
2. Data Processing & Privacy (GDPR / CCPA)
We act as a Data Processor under the General Data Protection Regulation (GDPR). Because we operate as an independent developer entity and do not meet the thresholds for a "Business" under the CCPA, the CCPA does not directly apply, though we maintain the same high privacy standards for all users.
- Processed Data: To provide the ranking functionality, the app processes specific Jira issue details (issue IDs, keys, summaries, descriptions, status, issue types, priorities, and assignees) and calculates derived statistics (Elo ratings, match counts, history snapshots).
- Data Control: You remain the Data Controller. Because the app uses Forge Storage, you maintain full control over this data, and it is automatically deleted if you uninstall the app and clear your tenant data.
- Data Processing Agreement (DPA): As a streamlined Forge app operating entirely within your tenant, data processing is governed by the standard Atlassian Marketplace Partner Agreement. We currently do not offer custom DPAs.
3. Logging & Data Egress
Noise21 is designed to ensure your data never leaks.
- No End-User Data in Logs: We do not log End-User Data (such as issue summaries or descriptions). Any technical debugging logs are hosted natively by Atlassian and do not contain personal identifiers.
- No Third-Party Sharing: We do not export or share any logs or End-User Data with third-party entities (like external analytics or monitoring tools). There is strictly zero data egress outside of Atlassian services.
4. Authentication & Shared Secrets
Noise21 utilizes seamless, native Atlassian authentication (@forge/api).
- No Passwords or PATs: We never require end users to provide Atlassian Personal Access Tokens (PATs), user account passwords, or any other type of shared secrets.
- Least Privilege: The app requests only the explicit Jira permissions (scopes) required to read boards and update issue priorities/properties.
5. Vulnerability Reporting
Security is an ongoing commitment. If you discover a vulnerability or have specific compliance questions, please contact our security team at: security@noise21.com
