Privacy Policy

How we handle your data and protect your privacy.

Security At A Glance

🔒 HTTP-Only Cookies

Session management uses secure, HTTP-only cookies, which page scripts cannot read, to limit session theft through XSS attacks.

🗑️ Automatic Cleanup

All session data is automatically deleted after 15 minutes of inactivity.

🚫 No Persistent Storage

No databases, files, or persistent storage systems retain your data.

🔐 Memory-Only Processing

All data processing happens in temporary memory during your session.

How We Protect Your Data

We've implemented multiple layers of security to keep your Jira data and credentials safe:

Zero Data Persistence

  • All data stored in temporary memory only - no databases, no file storage
  • Sessions automatically expire and memory is purged after 15 minutes of inactivity

Enterprise-Grade Encryption

  • API tokens encrypted using Fernet (symmetric encryption) while in memory
  • HTTPS-only - all network traffic encrypted in transit
  • HTTP-only cookies cannot be read by page scripts, which limits credential theft through XSS attacks
  • CORS validation ensures only authorized origins can make API requests

Session Isolation

  • Each user gets a unique, isolated session - no cross-contamination
  • Your data never touches another user's session
  • Sessions use cryptographically secure random identifiers

Input Validation & Injection Protection

  • JQL injection protection - all user inputs sanitized before querying Jira
  • Strict validation of project keys, field mappings, and filter values
  • Pydantic models enforce data types and prevent malformed requests

Minimal Data Access

  • Only retrieves ticket metadata, timestamps and status changes - no summary, description, comments, attachments, or user details
  • Direct communication with your Jira instance - no third-party intermediaries
  • No analytics, tracking, or telemetry - your usage is completely private

Continuous Security Monitoring

  • Automated security scanning on every code change
  • Automated dependency vulnerability detection
  • Regular security audits of Python and npm dependencies

💡 Best Practice Recommendation

For maximum security, create a dedicated API token from Atlassian. Revoke and recreate a token for every session. This ensures zero risk even in the unlikely event of a session compromise from your browser.

What Data We Collect

Zero Data Storage

No user data is stored. Jira credentials (including email address, API key, Atlassian link, Project Key) are held only in memory during an active session. Once the session ends, all credentials are cleared from memory and no traces are persisted. This app does not store any state beyond the session lifecycle. If the session is interrupted or closed, all unsaved work and configurations will be lost.

Data Access Scope

When you authenticate with your Jira instance, only the following data mapped to your project is accessed: ticket metadata (issue key, type, status, priority, creation date, resolution date, epic link (parent) ID, fix/version (release), component, labels) and changelog metadata (issue key, from status, to status, date of change). No other data (including user information, comments, attachments, or custom fields) is accessed, retrieved, or stored by this application.

Session Management & Cookies

Cookies are essential to secure handling of your private data. By using the app, you agree to the use of cookies. You can delete the cookies at the end of your session. Cookies are only used for session management and security. They are not used for tracking, marketing, or analytics.

No Third-Party Data Transmission

The application does not transmit user credentials or project data to any third-party service. All API requests are made directly between this application and your Jira instance using the credentials provided during the session. All calls from the app to Atlassian are via HTTPS.

No Analytics or AI Training

This application does not use any third-party analytics services (such as Google Analytics, Segment, etc.). Your interaction with the app remains private and local to your session. This app uses fundamental math and statistics; there are no machine learning (ML) or artificial intelligence (AI) models, so you can be assured that your data is not used to train AI.

Logging and Metadata

The application does not log session data. However, hosting providers or cloud infrastructure used may log metadata such as IP addresses or access timestamps for operational purposes.

User Responsibility

By using this application, you acknowledge that you understand the temporary nature of credential handling and agree to use the tool in accordance with your company's security and privacy policies. If you are unsure about using this tool, please consult your information security team.

Last updated: October 2025