SFJ: Security Hub — Powered by Forge
Smart Forms for Jira now runs primarily on the Atlassian Forge platform, ensuring that core processing, storage, and interaction with Jira occur inside Atlassian’s secure, isolated infrastructure. This strengthens data protection, compliance alignment, and operational reliability.
To support external form sharing and embedding — capabilities not possible inside Forge-only apps — Smart Forms uses a minimal, controlled egress layer designed specifically for rendering public-facing forms. This layer does not access Jira data and does not perform business logic.
Forge is Atlassian’s managed platform that provides isolated, secure execution environments for cloud apps.
What are the Benefits for You?
Here’s what this migration means in practice:
✅ Better Security
Forge apps run inside Atlassian’s infrastructure. It means your data never leaves their environment. It protects your data and makes it less vulnerable to threats.
✅ Faster and More Reliable
Forge apps load faster and perform better. You’ll notice smoother app behavior and less waiting time.
✅ Clearer Permissions
With Forge, you can quickly check the data the app has access to. This means more transparency and control for you.
✅ More Features Coming Soon
Thanks to Forge, we can introduce and release new features to our customers even faster. With this migration complete, we can bring in more advanced filters, new reports, and custom settings you have requested.
The main features and design of the app will be the same as before. However, using Forge, you can see faster loading times and a more stable and secure experience.
How Forge Improves Security
By operating inside Atlassian’s environment, Smart Forms benefits from:
Isolated execution in Atlassian-managed sandboxes
Platform-enforced permissions and OAuth scopes
Secure secrets management
Encrypted data storage fully controlled by Atlassian
Automatic security updates and compliance handling
All sensitive operations (work item creation, field updates, storing responses, form logic) run exclusively within Forge.
Why a Controlled Egress Layer Is Required
Some Smart Forms features rely on public access or external participation, including:
External sharing links with anonymus submissions
Embedded forms on websites or Confluence
External embedded content inside form builder
To support them securely:
The egress layer only renders the form UI.
It does not store or read Jira data.
Submissions are sent directly into Atlassian infrastructure for validation, mapping, and storage.
No response data persists outside the Atlassian boundary.
Data Residency & Compliance
All form definitions, responses, work item updates, and processing occur within Atlassian’s regional data systems.
External rendering does not relocate customer data.
Certifications
| Cloud FortifiedThe Cloud Fortified Apps Program aims to serve our largest customers and those with more business-critical operating requirements for apps.
|
|---|
| Marketplace Security Bug Bounty ProgramA bug bounty program is one of the most powerful post-production tools to help detect vulnerabilities in applications and services.
|
|---|
| Security AssessmentsThe term “security assessment” refers to any activity intended to determine, evaluate, or test the security features and controls of Atlassian’s products and services.
|
|---|
| SaaSJet is a Platinum Marketplace PartnerWhat does “Platinum partner” mean? According to annual gross sales ("Purchase Price" in Marketplace reports), a minimum $1M annual gross sales comprised a minimum of 35% from the cloud.
|
|---|
Security
 | System and Organization Controls - SOC 2SOC 2 reports are independent third-party examination reports demonstrating how an organization achieves key compliance controls and objectives. |
|---|
| CAIQ-LiteCAIQ Lite is a simplified version of the Consensus Assessments Initiative Questionnaire (CAIQ), which is designed to assess the security posture of cloud service providers. Atlassian requires all Platinum, Gold, and Silver Marketplace Partners to complete the CAIQ-Lite questionnaire, which it then reviews.
|
|---|
| Security ContactIf at any time you have concerns or are uncertain whether your security research is consistent with this policy, please contact us at security@saasjet.com |
|---|
Support
| Working hours: Mon-Fri 24hrs GMT+3Phone: +1 888 396 0501 Book a demo session: click to schedule an online free demo Support portal: click to create a ticket Help: Read the documentation |
|---|
We understand that data security is of utmost importance to our users. The information below outlines the types of data stored by Smart Forms for Jira, associated security measures, and storage periods, addressing your data privacy concerns.
Changes to Policy
Any significant changes that occur in our data security and retention practices will be communicated on our website.
Read about the SaaSJet Privacy Policy ->
Additional Security Features
CAPTCHA Protection Smart Forms for Jira includes built-in CAPTCHA verification for publicly shared forms, providing protection against:
Automated bot submissions
Spam form entries
Malicious form abuse
Implementation: CAPTCHA verification is available for forms shared with "Anyone with the link" access, ensuring your public-facing forms maintain security without compromising accessibility.
Best Practice: Enable CAPTCHA for customer-facing forms, public surveys, and any forms embedded on external websites to maintain data integrity and prevent abuse.
For more details about canceling and uninstalling an app, please visit the App Subscriptions: Cancellation, Uninstalls, Refund & Renewal FAQ page.
If you need help or want to ask questions, please get in touch with us through SaaSJet Support (Time of the First Response ≤ 4 hours) or via email at support@saasjet.atlassian.net
If you haven't used this add-on yet, then try it now!