Out of Office Assistant for Jira CloudOut of Office Assistant for Jira Cloud
Try For Free

Privacy and Security

Overview

Out of Office Assistant takes customer privacy and security seriously, following industry best practices for data protection and maintaining full transparency about data handling. This documentation outlines where data is stored, how it's processed, what access permissions are required, and the security measures in place to protect your information.

Understanding Privacy & Security

Our Security Commitment

Out of Office Assistant is built on the principle of least privilege - we only access and collect information that is strictly necessary for the app's functionality. We believe your data is yours and maintain complete transparency about our data practices.

Infrastructure Overview

Our application infrastructure is designed for security and reliability:

  1. ┌─────────────────────────────────────────────────────────┐
  2. │ USER INTERFACE │
  3. │ (Jira Cloud UI) │
  4. └────────────────────┬────────────────────────────────────┘
  6. ┌────────────────────▼────────────────────────────────────┐
  7. │ APPLICATION LAYER │
  8. │ Frontend & Backend: AWS (US East) │
  9. └────────────────────┬────────────────────────────────────┘
  11. ┌────────────────────▼────────────────────────────────────┐
  12. │ DATA STORAGE │
  13. │ MongoDB at AWS us-east-1 │
  14. │ (Encryption at Rest Enabled) │
  15. └─────────────────────────────────────────────────────────┘

Data Storage and Processing

Where We Store Data

Primary Infrastructure:

  • Application Hosting: HEROKU US

  • Database: MongoDB hosted on AWS US

  • Data Encryption: Database encrypted at rest, all communications encrypted in transit

What Data We Store

Core Application Data:

Data Type

Purpose

BaseURL

Addon configuration

Client Key

Authentication

App Secrets

Secure communication

JWT Keypair

API authentication

User Account IDs

User identification

Out of Office Rules

Rule configuration

Out of Office Templates

Message templates

Global App Settings

Configuration

Audit Log Entries

Activity tracking

Integration Data (when enabled):

Integration

Data Stored

Purpose

Slack

Team ID, Team Names, User IDs

Integration authentication

Tempo

Access tokens

API authentication

Zapier

Access tokens

Automation connectivity

Microsoft Outlook

Access/Refresh tokens, Client ID, User ID

Automatic Reply Settings

Google Workspace

Access tokens

Calendar integration

Data We Do NOT Store

We explicitly do not store:

  • Full issue details or content

  • User emails or usernames (except billing/technical contacts)

  • Passwords or credentials

  • Personal calendar event details

  • Slack message content

  • Any data not required for app functionality

Data Access and Permissions

Jira REST API Access Scopes

When installed, Out of Office Assistant requests the following Jira permissions:

  1. Required Scopes:
  2. ├── READ - View issues and project data
  3. ├── WRITE - Update issues and add comments
  4. ├── DELETE - Remove outdated configurations
  5. ├── ACT_AS_USER - Perform actions on user's behalf
  6. └── ADMIN - Access administrative functions

Why these permissions?

  • READ/WRITE: Core functionality for viewing and updating issues

  • ACT_AS_USER: Ensures actions (like comments) appear as coming from the app, not the user

  • ADMIN: Required for reassigning issues of other users

  • DELETE: Clean up outdated configurations

Security Measures

Data Encryption

🔐 Encryption Standards:

  • Database Level: Entire database encrypted

  • In Transit: encryption for all communications

  • Field Level: App Secrets and JWT Keypairs have additional encryption

  • Integration Tokens: All OAuth tokens encrypted before storage

Security Protocols

Active Security Measures:

  • Part of Atlassian Bug Bounty program

  • Continuous security monitoring

  • Regular security updates

  • Secure credential storage

  • No third-party data sharing

Privacy Controls

User Data Rights

You have complete control over your data:

  1. Access Your Data

  • View all stored information through the app interface

  • Request complete data export via support

  1. Modify Your Data

  • Update rules and templates anytime

  • Change integration settings

  • Modify user preferences

  1. Delete Your Data

  • Remove individual rules or templates

  • Disconnect integrations

  • Request complete data deletion

Data Visibility Controls

Within Your Organization:

  • Out of Office statuses visible to all Jira users in your instance

  • JSM (Service Management) customers cannot view statuses (can be activated)

External Visibility:

  • ❌ No third parties can view your data

  • ❌ No data shared with external services

  • ✅ API access only with explicit customer configuration

Compliance and Policies

GDPR Compliance

Out of Office Assistant is fully GDPR compliant:

Requirement

Our Implementation

Lawful Basis

Legitimate interest for app functionality

Data Minimization

Only collect necessary data

Purpose Limitation

Data used only for stated purposes

Storage Limitation

1-year retention policy

Security

Encryption and access controls

Accountability

Clear documentation and audit trails

Privacy & Security Status: ✅ COMPLETE