Security Policy
Data Security and Privacy Statement
At DevOpsSystems, we take data security and privacy seriously. Whether deployed as Atlassian Forge Apps (Cloud) or Data Center Apps (self-hosted), our applications are developed with a privacy-first and security-by-design mindset. We aim to minimize data exposure, eliminate unnecessary data transfers, and ensure strict control over all processing activities.
No External Data Storage
DevOpsSystems applications do not store any customer data outside of your Atlassian environment. All relevant data remains confined to your Atlassian instances. No information is sent to external DevOpsSystems servers or third-party services.
DevOpsSystems applications store data only in the environment where they are running:
Forge Apps: All data remains within the Atlassian Cloud. No data is transmitted to DevOpsSystems servers or third-party services.
Data Center Apps: All processing and storage occur on your infrastructure. DevOpsSystems has no technical access to your environment, nor do the apps connect to external services by default.
There is no transfer of customer data to third-party services at any time.
Local and Instance-Based Processing Only
All application operations are executed strictly within the Atlassian instance they are installed on. Data is only transmitted between Atlassian systems and the end users’ browsers or clients. There is no background telemetry, analytics, or unsolicited outbound communication.
No Remote Access or Monitoring
The staff at DevOpsSystems has no access to your repositories, projects, issues, or configuration data. Furthermore, DevOpsSystems apps do not include any mechanism for remote access, remote monitoring, or remote update triggering. Our applications are fully self-contained and do not "phone home" under any circumstances.
Security by Design
No credentials, personal data, or business logic leave your Atlassian infrastructure.
Our apps follow the principle of least privilege and only request permissions that are strictly required for their functionality.
Compliance and Transparency
DevOpsSystems is committed to maintaining compliance with relevant data protection laws, including the General Data Protection Regulation (GDPR) where applicable. We do not collect or process personal data unless explicitly required and documented.
If you have any questions about how we handle data or if you believe you have discovered a security vulnerability, please contact us at:
Security Vulnerability Remediation Policy
The following outlines how and when DevOpsSystems addresses security issues in its products, based on their assessed severity.
At DevOpsSystems, we are committed to maintaining the security and integrity of our software. To ensure timely resolution of vulnerabilities, we follow a structured and prioritized approach. Remediation goals are defined by the severity of the issue and the specific product affected. Our aim is to address and resolve security issues as quickly and effectively as possible to minimize risk to our users.
We have established the following target timeframes for remediating confirmed security vulnerabilities. These timeframes begin once the issue has been verified and its severity classified by our internal security or engineering teams.
Remediation Timeframes:
Critical Severity
Issues that pose an immediate and severe threat to data security, system integrity, or customer operations.
➤ Target fix timeframe: within 2 weeks
High Severity
Issues that could result in significant risk or impact under specific conditions but are not immediately exploitable.
➤ Target fix timeframe: within 4 weeks
Medium Severity
Issues with moderate potential impact, limited exploitability, or mitigated by configuration or environmental factors.
➤ Target fix timeframe: within 6 weeks
Low Severity
Issues with minimal risk, unlikely exploitation scenarios, or cosmetic impact. These will be reviewed and included in a future planned release, based on development cycles and prioritization.
➤ Scheduled for inclusion in the next official release