Last Updated: January 23, 2025
This Security Policy applies to all products developed by Plugin Vault for the Atlassian Marketplace, including Mention Groups. It ensures compliance with industry standards, such as GDPR, CCPA, and Canadian privacy regulations, as well as adherence to Atlassian's security and data handling requirements.
Types of Data Collected:
Plugin Vault apps may collect and process user email addresses, usage logs, and metadata through Atlassian APIs. This data is used to provide customer support and to ensure the main app functionality, as outlined in the Data Processing Agreement (DPA).
Data Storage and Security:
All data is stored using Atlassian's infrastructure, leveraging their encryption protocols and compliance frameworks, as detailed in their security policy.
Authentication Mechanisms:
Plugin Vault apps utilize Atlassian's pre-authenticated APIs and secure access protocols (e.g., OAuth 2.0).
Access Controls:
User permissions and roles are inherited from Atlassian's Developer APIs, ensuring a seamless and secure experience consistent with Atlassian platform standards.
Plugin Vault follows a structured Secure Development Lifecycle (SDLC):
Planning: Identify potential security risks during feature design, incorporating threat modeling and design reviews to proactively address vulnerabilities.
Development: Adhere to coding best practices, utilizing a regularly updated library of security standards to ensure code integrity.
Testing: Conduct manual tests and employ various automated tools to identify vulnerabilities, including static analysis and dynamic testing methodologies.
Deployment: Deploy code only after thorough review and validation, ensuring that all security measures are in place and functioning as intended.
All code undergoes peer review to ensure quality and security. Automated tools are employed to identify vulnerabilities, and plugins are periodically reviewed to ensure compliance with Atlassian's security updates.
Plugin Vault adheres to GDPR, CCPA, and Canadian privacy laws, ensuring transparency in data usage and offering rights such as access, correction, and deletion of personal data.
Plugin Vault maintains an effective incident response plan:
Reporting: Users can report incidents via email to support@pluginvault.dev.
Response: Incidents are acknowledged and investigated promptly, with a goal to resolve issues swiftly.
Notification: Major incidents involving personal data breaches are reported to users and regulatory authorities as required by law.
Plugin Vault apps currently do not integrate with third-party services. All functionality is built upon Atlassian's APIs, ensuring security and reliability.
Users are informed about security features and data policies:
Policy Access: During installation, users are prompted to review Plugin Vault's privacy policy and terms, which are linked in the app's description on the Atlassian Marketplace.
Updates: Updates to security practices are communicated via a "Last Updated" section in the policies and through email notifications, if applicable.