Security Policy

Effective Date: May 6, 2025

At APPsolute Best LLC, we take security seriously. Whether you are using one of our Atlassian Marketplace apps or engaging with us through consulting services, we apply strict standards to protect your data and ensure safe, reliable solutions.

Our Security Principles

• Data Minimization: We only collect and retain data that is required for functionality or service delivery.
• Privacy by Design: Our apps and solutions are designed with data protection in mind from the ground up.
• Secure Development: We follow secure coding practices and perform internal reviews prior to release.
• Continuous Monitoring: We actively monitor for security advisories and patch vulnerable dependencies as needed.

Marketplace Apps (Forge)

Our Atlassian Marketplace apps, such as APPsolute Archiver, are built on Atlassian's Forge platform and follow the platform's security model:

• Apps run in a sandboxed, isolated environment managed by Atlassian.
• We do not store or transmit End-User Data outside of Atlassian products.
• Apps request only the minimal set of permissions necessary for operation.
• No external services or third-party APIs are used unless explicitly stated.
• User identifiers stored within Forge Storage are treated as personal data and are removed upon receiving Atlassian-initiated data deletion requests.

Consulting Services

When delivering consulting services, we follow secure handling practices:

• Access is limited to systems/data required for the scope of work.
• Temporary credentials are handled securely and revoked after use.
• All communications are conducted over secure, encrypted channels.
• We are happy to sign mutual NDAs as requested.

Incident Response

In the event of a security incident, we will:

• Respond within 72 hours of initial notice
• Communicate the scope, impact, and remediation plan
• Deploy a fix if needed and confirm resolution

Contact

If you have a security concern or would like to report a vulnerability:

Email: [email protected]

Compliance & Data Residency

• Our Forge apps may store user identifiers within Atlassian's infrastructure as required for app functionality. All such data resides within Atlassian's environment and is subject to Atlassian's data residency controls.
• We comply with Atlassian's Ecoscystem data handling requirements, including responding to user data deletion requests.
• For custom consulting solutions, we follow your organization's compliance and security guidelines.