Skip to main content
Skip table of contents

Security Hub: SLA Time & Report

SLA Time and Report for Jira now runs on the Atlassian Forge platform, ensuring that core processing, storage, and interaction with Jira occur inside Atlassian’s secure, isolated infrastructure. This strengthens data protection, compliance alignment, and operational reliability.

To support app capabilities that extend beyond Forge-only architecture, SLA Time and Report may use a minimal, controlled external layer for selected functionality. This layer is designed to support the app’s operation without compromising the security of Jira data or performing core business logic outside Atlassian infrastructure.

Forge is Atlassian’s managed platform that provides isolated, secure execution environments for cloud apps.

What are the Benefits for You?

Here’s what this migration means in practice:

Better Security
Forge apps run inside Atlassian’s infrastructure. It means your data never leaves their environment. It protects your data and makes it less vulnerable to threats.

Faster and More Reliable
Forge apps load faster and perform better. You’ll notice smoother app behavior and less waiting time.

Clearer Permissions
With Forge, you can quickly check the data the app has access to. This means more transparency and control for you.

More Features Coming Soon
Thanks to Forge, we can introduce and release new features to our customers even faster. With this migration complete, we can bring in more advanced filters, new reports, and custom settings you have requested.

The main features and design of the app will be the same as before. However, using Forge, you can see faster loading times and a more stable and secure experience.

How Forge Improves Security

By operating inside Atlassian’s environment, SLA Time and Report benefits from:

  • Isolated execution in Atlassian-managed sandboxes

  • Platform-enforced permissions and OAuth scopes

  • Secure secrets management

  • Encrypted data storage fully controlled by Atlassian

  • Automatic security updates and compliance handling

Core app operations, such as SLA calculations, field updates, reporting logic, and automation-related processing, run within Forge.

Why Slack Integration Is Required

Some SLA Time and Report features rely on Slack integration, for example to send notifications and alerts outside Jira. To support this securely:

  • Slack is used only to deliver messages

  • It does not store Jira data

  • Core app logic and Jira-related processing remain within Atlassian infrastructure

  • No customer data is persisted in Slack

Data Residency & Compliance

  • For SLA Time and Report for Jira, core processing and app logic run within Atlassian infrastructure.

  • Slack is used only as a delivery channel for notifications and does not relocate customer data.

Certifications

Fortified.png

 

Cloud Fortified

The Cloud Fortified Apps Program aims to serve our largest customers and those with more business-critical operating requirements for apps.

 

BugBounty.png

 

Marketplace Security Bug Bounty Program

A bug bounty program is one of the most powerful post-production tools to help detect vulnerabilities in applications and services.

Premium-partner.svg

 

 

SaaSJet is a Platinum Marketplace Partner

What does “Platinum partner” mean? According to annual gross sales ("Purchase Price" in Marketplace reports), a minimum $1M annual gross sales comprised a minimum of 35% from the cloud.

Security

5ee82afd-96a8-4883-80ef-68914561c286.png

System and Organization Controls - SOC 2

SOC 2 reports are independent third-party examination reports demonstrating how an organization achieves key compliance controls and objectives.

  • What Atlassian says about Trust Service Criteria (TSC) - read more

  • SaaSJet is SOC 2 Type 2 compliant - read more

image-20240410-184007.png

 

CAIQ-Lite

CAIQ Lite is a simplified version of the Consensus Assessments Initiative Questionnaire (CAIQ), which is designed to assess the security posture of cloud service providers.

Atlassian requires all Platinum, Gold, and Silver Marketplace Partners to complete the CAIQ-Lite questionnaire, which it then reviews.

  • What Atlassian says about the security of the cloud ecosystem - read more

 

security-contact.png

 

Security Contact

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please contact us at security@saasjet.com

Support

 

help.png

 

Working hours: Mon-Fri 24hrs GMT+3

Phone: +1 888 396 0501

Book a demo session: click to schedule an online free demo

Support portal: click to create a ticket

Help: Read the documentation

We understand that data security is of utmost importance to our users. The information below outlines the types of data stored by SLA Time and Report for Jira, associated security measures, and storage periods, addressing your data privacy concerns.

Data storage

  • Data Stored within Jira

    • Task-Related Submissions: Notifications and SLA events that you configure in the app are sent directly to Jira issues and stored within the Jira environment. All SLA timers, statuses, and notifications visible in issues are handled and retained inside Jira, not in external databases.

Important Note: We do NOT store personal user data such as emails or names while you are using our applications. We can store your personal information in 2 cases:

  •  to respond to your direct request if you contact us for support.

  •  if your name and email are specified as your organization’s billing or technical contact during the subscription process.

We do not collect this information independently. We see only the information you have specified.

Data Security

Your data is protected through multiple layers of security:

  • Encryption: Protecting your data in transit.

  • Strict Access Controls: Limiting database access to authorized personnel only.

  • System Updates and Monitoring: Keeping everything up-to-date and secure against potential issues.

App internal restrictions

Access to SLA Time and Report functionality is managed through group-based permissions within Jira.

  • Access to app pages (SLA Manager, Permissions, and Reports) can be individually granted by administrators to specific user groups.

  • The SLA widget in Jira issue panels is visible to all users who have access to that issue.

  • When creating or sharing JQL-based views in SLA Manager or Reports, please note that any information included in the JQL query (such as project name, project key, or field values) will be visible to users who have access to that shared view. If a view is made public, its JQL query becomes visible to all users with access to the app.nTherefore, we recommend avoiding the inclusion of sensitive or confidential project identifiers in JQL expressions that are intended to be shared publicly.

  • The widget will not appear in projects where no SLA configuration has been linked.

This approach ensures granular control and visibility aligned with your team’s permissions model.

Changes to Policy

Any significant changes that occur in our data security and retention practices will be communicated on our website.

Read about the SaaSJet Privacy Policy ->

If you need help or want to ask questions, please get in touch with us through SaaSJet Support (Time of the First Response ≤ 4 hours) or via email at support@saasjet.atlassian.net

Haven't used this add-on yet, then try it now!

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close