Data Access and Storage
This app runs entirely within the Atlassian Forge platform, leveraging Forge’s secure execution environment.
We do not store or transmit any user data outside of Atlassian infrastructure.
All access to Confluence content (such as diagrams and attachments) is performed securely through Atlassian’s REST APIs with the minimal required OAuth scopes.
We do not persist any personal or sensitive information on our own servers or any third-party services.
Permissions and Scopes
Our app requests the minimum required permissions to function as intended within the Atlassian ecosystem, including but not limited to Confluence and Jira.
Permission scopes are limited to:
Page or issue-level access for inserting, updating, or referencing diagram content
Access to attachments or user-provided files, if import or export features are used
Metadata access for listing, searching, or filtering user content (e.g., recent activity)
We do not request administrative scopes, global access, or any elevated privileges unless explicitly required by a specific feature—and only with full user consent.
All permissions are defined transparently in the app manifest and enforced through Atlassian Forge’s secure runtime and API boundaries.
Data Handling and Privacy
All data remains within the Atlassian ecosystem (Forge runtime + REST APIs)
The app does not track user behavior, usage analytics, or IP addresses
No data is sent to or stored on external servers
The app is designed in compliance with Atlassian’s Data Security Policy, and follows the principles of GDPR and data minimization.
Vulnerability Management
We proactively monitor for vulnerabilities through:
Atlassian’s security advisories and Forge changelogs
Dependency auditing and patching
Internal code reviews for every release
We are committed to resolving security issues quickly and delivering updates through the Marketplace in a timely manner.
Reporting Security Issues
If you discover any security vulnerabilities or concerns, please contact us at:
📧 [experts@hktx.cn]
We will respond to all valid reports within 2 business days and prioritize critical issues immediately.