Security Policy

At Nesty, we prioritize the security and privacy of our users. As a Forge cloud application integrated with Jira, Nesty operates within Atlassian's secure cloud infrastructure, adhering to their stringent security standards.

Data Handling & Residency

Data Storage

All data processed by Nesty is stored exclusively within Atlassian's cloud environment, ensuring that no customer data is transmitted or stored externally. Your data remains within the secure boundaries of Atlassian's infrastructure at all times.

Data Residency

Nesty aligns with Jira's data residency policies, meaning your data resides in the same geographic region as your Jira Cloud instance. This ensures compliance with enterprise geographic requirements and data sovereignty regulations.

No External Data Transmission

Nesty does not transmit your data to external services or third-party systems. All operations occur within Atlassian's secure cloud environment, maintaining the highest levels of data protection and privacy.

Security Assurance

Atlassian Standards

By leveraging the Forge platform, Nesty benefits from Atlassian's robust security measures, including:

  • End-to-end encryption for data in transit and at rest
  • Regular security patching and updates
  • Compliance with industry standards including SOC 2 Type II and ISO/IEC 27001
  • Continuous security monitoring and threat detection
  • Regular security audits and penetration testing

Secure Coding Practices

Our development team follows secure coding practices and adheres to the principle of least privilege, ensuring that Nesty operates with the minimum permissions necessary for functionality. We conduct regular code reviews and security assessments, and follow OWASP security guidelines to maintain the highest security standards.

Forge Platform Security

As a Forge cloud app, Nesty inherits Atlassian's enterprise-grade security infrastructure. The Forge platform provides built-in security features including automatic security updates, sandboxed execution environments, and compliance with Atlassian's security requirements.

Third-Party Integrations

Slack Integration

Nesty offers optional integration with Slack to enhance your workflow. This integration is designed with security and user control in mind:

  • User-Provided Configuration: Users must explicitly provide their Slack webhook URL and message content
  • No Automatic Transmission: No data is transmitted to Slack without explicit user configuration and consent
  • User Control: Users have full control over what information is sent to Slack and when
  • Direct Communication: Messages are sent directly from the user's environment to their specified Slack webhook, maintaining user control over their data

The integration does not store or cache webhook URLs or message content. All configuration is managed by the user within their Jira instance.

Incident Response

Prompt Notifications

In the event of a security incident, we are committed to providing timely notifications to affected users. We will notify users as soon as possible after becoming aware of any security issue that may impact their data or usage of Nesty.

Transparency

We maintain transparency throughout the incident response process. We will share relevant information regarding:

  • The nature and scope of the incident
  • The steps taken to address and resolve the issue
  • Any measures implemented to prevent future occurrences
  • Recommended actions for users, if applicable

Reporting Security Issues

If you discover a security vulnerability in Nesty, please report it to us immediately. We take security vulnerabilities seriously and will respond promptly to all reports. Please contact us through our support channels or via the Atlassian Marketplace.

Privacy and Compliance

Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your information, ensuring compliance with applicable data protection laws including GDPR, CCPA, and other regional privacy regulations.

End User License Agreement (EULA)

The End User License Agreement governs the use of Nesty, detailing user rights and responsibilities, usage terms, and limitations of liability.

Compliance Standards

Nesty operates in compliance with Atlassian's security and compliance standards. As a Forge cloud app, we benefit from Atlassian's certifications including SOC 2 Type II, ISO/IEC 27001, and GDPR compliance. Your data is protected by the same security measures that protect Atlassian Cloud.

Additional Information

Atlassian Cloud Security

For more information about Atlassian's security practices and certifications, please visit:

Atlassian Trust & Security

Questions or Concerns?

If you have any questions about our security practices or this security policy, please contact us through the Atlassian Marketplace or our support channels. We are committed to maintaining the highest standards of security and are happy to address any concerns you may have.

Last updated: December 10, 2025