🛡️ Security Policy

Sprint Health Analyzer is built on Atlassian’s Forge platform and adheres to strict security practices. This document outlines how the app ensures the confidentiality, integrity, and security of your Jira data.

🧱 Built on Forge

Sprint Health Analyzer is developed entirely on Atlassian Forge, which provides:

• Sandboxed function execution

• Enforced data residency (Forge-hosted)

• Secure app storage and isolated environments

• OAuth and JWT-based authorization

• Built-in permission scoping

All operations are governed by Atlassian’s platform-level security controls.

🔐 Data Access

The app does not write or mutate any data in Jira.

🚫 No External Communication

Sprint Health Analyzer:

• Does not send or sync data to any external service or third-party server

• Does not store data outside Atlassian infrastructure

• Does not use external analytics, tracking scripts, or ads

🧠 Computation in Memory

All calculations (e.g., health score, cycle time, burndown) are performed:

• Client-side in the user’s browser or

• Server-side in Atlassian Forge’s ephemeral runtime

No persistent storage is used. No data is saved between sessions.

🧪 Security Testing

• ✅ Code linting and dependency checks before release

• ✅ Manual validation for API endpoints and data handling

• ✅ Read-only logic reviewed before each version update

• ✅ Public bug reporting via support email

📉 Failure and Recovery

Since all calculations are performed at runtime and require no backend infrastructure:

• If Forge or Jira API is unavailable, the app will show an error state

• Data is reloaded automatically after recovery

• No partial states are cached or persisted

🛡️ Summary

📧 Contact

For security-related concerns, please email:

📨 support@typeswitch.net
We respond to security inquiries within 1–2 business days.