Security Policy
Introduction
At Forged Apps LLC (“Forged Apps,” “we,” “our,” or “us”), security is a top priority. This Security Policy outlines our commitment to protecting your data and maintaining the security of our applications. Our services are built on Atlassian’s Forge platform, providing enterprise-grade security through a shared responsibility model.
Platform Security
Forge Platform
- Our applications run entirely on Atlassian’s Forge platform
- Applications are isolated in secure AWS Lambda environments
- All communications are encrypted using industry-standard protocols
- Platform security is continuously monitored and maintained by Atlassian
Data Residency
- All application processing occurs within Atlassian’s secure infrastructure
- Data residency follows Atlassian’s regional data hosting policies
- No customer data is stored outside the Forge platform
Data Security
Data Storage
- We maintain a minimal data footprint
- No customer-specific data is stored permanently
- All temporary data processing follows Forge platform security guidelines
Data Transmission
External data transmission is limited to:
- Customer support services (Brevo)
- Payment processing (Stripe)
- Anonymous product analytics (PostHog)
Data Privacy
- No personal information is collected or stored
- Analytics data is anonymized and aggregated
- Full compliance with GDPR and other privacy regulations
- Data Processing Agreement
Access Control
Authentication
- All authentication is handled through Atlassian’s secure systems
- Multi-factor authentication support via Atlassian account settings
- No direct access to user credentials or sessions
Authorization
- Strict adherence to the principle of least privilege
- Role-based access control through Atlassian permissions
- Regular access review and validation
Compliance and Standards
Security Frameworks
- Compliance with Atlassian’s security requirements
- Regular security assessments and reviews
- Adherence to industry best practices
- Cloud Security Alliance CAIQ Assessment
Certifications
- Leverages Atlassian’s platform certifications
- Compliant with Forge security standards
- Regular security compliance monitoring
Incident Response
Security Incidents
- Comprehensive incident response plan
- Immediate notification of security incidents
- Coordination with Atlassian security team when required
Reporting Security Issues
If you discover a security vulnerability, please report it to us immediately.
Business Continuity
Disaster Recovery
- Automated backup through Forge platform
- Business continuity planning
Service Reliability
- 99.9% target uptime
- Automated monitoring and alerting
- Regular performance optimization
Security Controls
Application Security
- Secure development lifecycle
- Regular code security reviews
- Automated security testing
- Vulnerability management program
Infrastructure Security
- Managed by Atlassian Forge platform
- Regular security patches and updates
- Network security monitoring
- DDoS protection
Third-Party Security
Vendor Management
We carefully select and monitor our third-party service providers:
- Stripe for payment processing (PCI DSS compliant)
- Brevo for customer support (GDPR compliant)
- PostHog for analytics (data privacy compliant)
Integration Security
- Secure API implementations
- Regular security reviews of integrations
- Minimal data sharing with third parties
Contact Information
For security-related inquiries or to report security issues:
- Email: [email protected]
- Response Time: Within 24 hours
Changes to Security Policy
We regularly review and update our security policies. Major changes will be communicated to all users through our application interfaces and via email.
Last Updated: March 25, 2025