Security

Introduction

JExcel is a Jira application that allows users to view and modify their Jira data through the app's interface in an Excel-like way. The app is also designed to facilitate the import and export of Jira issues to and from Excel. It utilizes the Jira Cloud REST API, particularly the issue and issue field retrieval and modification APIs, ensuring seamless data management and workflow efficiency between Jira and Excel. The app respects user permissions, ensuring that no data is accessed or manipulated without proper authorization and user initiation.

Data Processing, Storage, and Residency

JExcel stores all sheet metadata (e.g. JQL, workbook owner’s ID). The app processes and stores the following types of End-User Data outside of Atlassian products and services: Content posted, received, or shared in the app, Email address, and Atlassian account ID. If an export is not downloaded or is canceled, the export file is retained for up to 60 days. Data is stored in a PostgreSQL database, pinned in the US-West region. More information: support@moresimp.com.

Data Backup and Recovery

Our recovery plan involves restoring a database snapshot and rebuilding the AWS Beanstalk environment. This ensures data integrity is maintained and the application environment is promptly reinstated to its operational state. Full disk encryption is used for data stored outside of Atlassian.

Security Vulnerability Management

In case of a security breach, we notify our customers based on the severity of the issue. Severe security incidents are immediately communicated to customers, followed by workarounds until a hot-fix or new release is available. The app is a participant in the Marketplace Security Bug Bounty Program, where over 100 security researchers regularly scan JExcel for vulnerabilities.

Incident Management and Communication

We notify users of errors, particularly rate limits from Atlassian APIs. Our response process for critical deployment issues involves a rollback strategy to minimize customer impact.

Performance Testing

We conduct performance testing at every release to assess the app’s ability to work at scale. This proactive approach ensures that JExcel can handle increased loads and maintain optimal performance.

Data Transfer

All communication between the user's browser and the Jira site is encrypted using HTTPS, ensuring secure data transfer.

Issue Detection

Production issues are typically discovered through monitoring and support tickets, allowing us to address any problems promptly and efficiently. We ensure that all customer data and operational environments are secure and functional at all times.

Access to Customer Data

Customer data is transferred directly between Jira and the user’s browser. MORESIMP personnel do not have access to this data. Anonymized application logs ensure no identifiable customer information is exposed. Full disk encryption is used for data stored outside of Atlassian.

General Data Protection Regulation (GDPR)

MORESIMP is a 'data processor' under GDPR for the following types of End-User Data: Email address and Full name. The app uses a GDPR-approved mechanism, specifically Standard Contractual Clauses (SCCs), for transferring European Economic Area (EEA) residents' End-User Data outside of the EEA.

Subcontractors

Refer to our Privacy Policy for detailed information on subcontractors involved in our processes.