Security & Compliance in No-Code Apps Creator

No-Code Apps Creator is an AI-powered tool that helps Jira teams create custom Forge apps, dashboards, reports, and gadgets by chatting with AI — without writing code. This page explains how this Jira app handles AI, data access, permissions, and deployment, and how it aligns with Atlassian Forge security principles.

AI and Data Access in No-Code Apps Creator

No-Code Apps Creator is an AI-based builder that uses a Large Language Model (LLM) provided through Anthropic Connect. The LLM is used to understand plain-English prompts and generate application code based on them.

  • The AI does not analyze issues, comments, worklogs, or users

  • The AI does not connect to Jira

  • The AI does not call Jira APIs

  • The AI does not receive real Jira data.

In No-Code Apps Creator, AI is used only to generate code:

  • Generates an Atlassian Forge app

  • Uses public Atlassian Forge documentation

  • Describes which types of data are needed (for example: issue key, summary, due date)

  • Builds the manifest.yml, UI components, and business logic.

Important Note About the API Token

During deployment, No-Code Apps Creator asks for an API token. The API token is used to deploy the app to a specific Jira site. The token is not used to read Jira issues, access data at runtime, or collect analytics. After deployment is complete, the API token no longer affects how the app works.

Forge security guarantees

Apps generated with No-Code Apps Creator are built and deployed on Atlassian Forge, which provides strong, built-in security guarantees by design. Forge enforces strict authentication and access control mechanisms. Only authorized users can access app data, and all access is governed by Jira’s standard permission model and the scopes explicitly granted during installation.

To deploy the Forge app generated with No-Code Apps Creator, you must have administrator permissions on the Jira site where the app will run.

Forge apps run entirely inside Atlassian Cloud. This means Jira data does not leave Atlassian’s secure environment:

  • No external servers are used

  • No third-party backends are involved

  • No data is sent outside the Atlassian infrastructure.

Forge apps inherit the same security framework that protects Jira. This includes:

  • Platform-level security controls

  • Ongoing security monitoring

  • Compliance with Atlassian security policies and standards.

Also, apps created with No-Code Apps Creator use standard Forge scopes, selected based on the app’s functionality. Typical scopes may include:

| Name | Description |
|---|---|
| read:jira-user | View user information in Jira that the user has access to, including usernames, email addresses, and avatars. |
| read:jira-work | Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs. |
| read:filter:jira | View filters. |
| read:dashboard:jira | View dashboards. |
| write:dashboard:jira | Create and update dashboards. |
| read:project:jira | View projects. |

Find more information about Forge scopes in the official Atlassian documentation: Jira scopes for OAuth 2.0 (3LO) and Forge apps.
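Before deploying a generated app, an administrator can compare its manifest.yml with the scope list and the no-external-backend statement above. The check below is an added example, not code from No-Code Apps Creator or SaaSJet; the sample manifest is constructed, the app id is a placeholder, and the reader handles block-style YAML only.

```python
# Scopes this page lists as typical for generated apps.
PAGE_SCOPES = {
    "read:jira-user", "read:jira-work", "read:filter:jira",
    "read:dashboard:jira", "write:dashboard:jira", "read:project:jira",
}

def audit_manifest(text):
    """Return (scopes, findings); line-based reader for block-style YAML only."""
    scopes, findings = [], []
    top, sub, sub_indent = None, None, 0   # top-level key / key under permissions:
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()   # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        item = body[1:].strip().strip("'\"") if body.startswith("-") else None
        if indent == 0 and item is None:
            top, sub = body.split(":")[0], None
            if top == "remotes":         # Forge Remote backends are declared here
                findings.append("remotes: declares a backend outside Forge")
        elif top == "permissions":
            if item is None and (sub is None or indent <= sub_indent):
                sub, sub_indent = body.split(":")[0], indent
            elif item is not None and sub == "scopes":
                scopes.append(item)
                if item not in PAGE_SCOPES:
                    findings.append(f"scope not listed on this page: {item}")
            elif item is not None and sub == "external":
                findings.append(f"external egress declared: {item}")
    return scopes, findings

# Constructed sample manifest (not produced by the tool).
SAMPLE = """\
app:
  id: ari:cloud:ecosystem::app/PLACEHOLDER
permissions:
  scopes:
    - read:jira-work
    - read:dashboard:jira
    - write:jira-work   # not in the page's list
  external:
    fetch:
      backend:
        - api.example.com
"""

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)[1]))
```

An empty findings list means the manifest requests only scopes from the table above and declares no external egress or remote backend.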

If you need help or have questions, please contact SaaSJet Support or email us at support@saasjet.atlassian.net.

SaaSJet Security & Compliance

No-Code Apps Creator is developed and maintained by SaaSJet, an Atlassian Platinum Marketplace Partner.

What does “Platinum partner” mean? The tier is based on annual gross sales ("Purchase Price" in Marketplace reports): a minimum of $1M in annual gross sales, with a minimum of 35% of it coming from cloud.

SaaSJet maintains SOC 2 compliance.

SOC 2 reports are independent, third-party examination reports that demonstrate how an organization achieves key compliance controls and objectives.

  • What Atlassian says about Trust Service Criteria (TSC) - read more

  • SaaSJet is SOC 2 Type 2 compliant - read more

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please contact us at security@saasjet.com.