Jira Permissions
1. Why does the app require such a broad set of Jira permissions? Can you provide a justification for each consent request?
The AI Test Case Generator for Jira requests only the permissions necessary for its functionality. Here’s a breakdown of why each permission is needed:
• Read/Write Jira Work: Allows the app to read user stories and create test case issues.
• App Storage: Retains the app’s configuration settings.
• Manage Jira Configuration and Project Configuration: Enables the setup of the standard test case issue type and project containers.
• Read Project, Sprint, and Board Information, as well as JQL Read Permissions: Required for bulk functionality and for selecting issues by Sprint and JQL queries.
2. Are there opportunities to minimize or eliminate certain permissions while maintaining full functionality?
No, each permission is essential for the app to function properly. These permissions have been tested and verified as the minimum needed for the AI Test Case Generator to work as intended.
3. Does the app adhere to Jira’s best practices for permission management to ensure least-privilege access?
Yes, the app has been thoroughly tested to ensure that it follows the principle of least privilege. Permissions were systematically removed during testing to confirm that only essential permissions are requested.
Data Access and Security
4. What type of Jira data does the app access, and what data is collected or processed?
The app accesses the information within Jira issues to generate test cases. Specifically, it processes the Summary and Description fields. Project Administrators have the option to configure up to 3 additional fields for the app to access and process.
5. How does the app handle sensitive data, and what measures are in place to ensure its protection during transmission and at rest?
All data accessed by the app is considered sensitive and is protected during transmission using HTTPS and SSL protocols. The app does not store data outside of the Jira instance, so data protection at rest is handled within Jira itself.
6. What encryption protocols are used for data storage and transmission?
The app uses HTTPS and SSL encryption to secure data during transmission. Since the app does not store any data, no encryption is required for storage.
7. Is the app regularly reviewed for security vulnerabilities or risks?
Yes, we conduct regular security reviews and use sophisticated security analysis tools to ensure that our platform remains secure and up to date with industry best practices.
Privacy Concerns
8. What personal information does the app collect, and how is this data used or stored?
The app does not collect or store any personal information. All personal information remains within the Atlassian product suite and is not accessed or processed by the AI Test Case Generator.
9. Is there an option for users to opt out of certain data collection?
No, as the app does not collect any personal data, there is no need for an opt-out process.
10. What is the app’s data retention policy, and how is data securely disposed of after the retention period?
Since the app does not collect or retain any data, there is no retention or disposal policy required.
General Security & Compliance
11. Has the app undergone a security assessment to ensure it meets necessary security and privacy standards?
Yes, the app undergoes regular internal security assessments to ensure compliance with industry standards. We also employ continuous monitoring and alerting for potential security issues.
12. How does the app ensure compliance with regulations such as GDPR or other data protection laws?
The app is stateless and does not retain any of the data it processes. Therefore, all data is protected by the Atlassian suite, which ensures compliance with GDPR and other similar data protection laws.
13. Are there any additional assurances you can provide regarding data security and privacy?
We are committed to maintaining a high standard of data security and privacy. If you have any further questions or concerns, feel free to reach out, and we will be happy to provide additional details or clarifications.
14. Which locations are involved in data processing?
Data processing takes place in the United States, while our backend infrastructure is hosted in the Australia region. This ensures that data is handled securely in compliance with regional security standards and regulations.
15. Do you provide SOC 2 or ISO 27001 certificates?
We currently do not hold SOC 2, ISO 27001, or PCI compliance certificates ourselves. However, the technology vendors we work with, including those providing AI and LLM models, are fully compliant with these standards. We ensure that the vendors in our tech stack, such as those offering infrastructure services and AI capabilities, adhere to the highest security and compliance standards.
You can visit the trust centers of our key technology partners for more information on their certifications and compliance: