This statement about security practices pertains to the JXL app for Jira Cloud, not the JXL app for Jira Data Center.
Security and privacy are built into the fabric of our products, infrastructure, and processes, so you can rest assured that your data is always protected.
JXL enables users to display and edit their Jira data (i.e., data to which they have read and/or write access in the respective Jira site) via the application’s user interface. To do so, JXL, running in the user’s browser, invokes the Jira REST API (either directly, or indirectly through gateway services operated by Fine Software) based on the user’s input. The Jira REST API respects the signed-in user's, as well as the app's, permissions; therefore, no Jira data is ever loaded, created, updated, deleted, or otherwise manipulated in a way that has not been initiated by the user, or does not respect the permission model of the respective Jira site.
JXL stores its sheets data, along with various user-level information (such as the most recently visited sheets), directly in the customer’s Jira site. This means that all customer data is stored by Jira, and therefore subject to all security measures and data residency management that Atlassian provides.
All data transfer between the user’s browser and the user’s Jira site happens securely via HTTPS.
With all customer data being stored in Jira, JXL utilises Atlassian’s backup and data recovery mechanisms.
As all data flows between the customer’s Jira site and the user’s browser, no Fine Software employee, regardless of their role, has access to customer data at rest. Application logs are anonymised and don’t contain any references to customer data.
We commit to the Accelerated Resolution Timeframes of Atlassian’s security bugfix policy.