Security and privacy are built into the fabric of our app, infrastructure, processes and services, so you can rest assured that your data is always protected. Your data never leaves your site.
Atlassian Cloud Fortified
Our reliability and support are certified Cloud Fortified by AtlassianRead more
JXL is scanned by the Ecoscanner Platform (Cloud) and Security Scanner (Data Center)Read more
Bug bounty program
Over 100 security researchers scan JXL regularly for vulnerabilitiesRead more
Your data never leaves your site
We don't access and store any customer data externally, all data is stored in your Jira site
JXL APIs and gateway services are hosted in the same region your Jira site is pinned toRead more
Principle of least privilege
JXL only requests access scopes actually required to perform its functionality, nothing more
JXL is compliant with EU regulation 2016/679 and all other applicable data protection laws
Publicly available Cloud Security Alliance Consensus Assessments Initiative QuestionnaireDownload questionnaire
Security posture questionnaires
We are open to prioritising work on any custom questionnaires you might need filled email@example.com
We apply accelerated resolution timeframes in the event of necessary security bugfixesRead more
JXL is a Jira app that enables users to display and edit their Jira data via the apps's user interface, i.e. data to which they have read and/or write access in Jira. JXL, running in the user's browser, utilises the Jira REST API (either directly, or in JXL for Jira Cloud also sometimes indirectly through same-region gateway services operated by Fine Software) based on the user's input.
The Jira API respects the signed-in user's, as well as the app's, permissions. No Jira data is ever loaded, created, updated, deleted, or otherwise manipulated in a way that has not been initiated by the user, or does not respect the permission model of the Jira site.
In cases where data is routed through Fine Software gateway services before retrieval from or storage in Jira, these services are in the same realm (AWS region) as the customer's Jira site. JXL supports all Atlassian locations, as listed in the JXL Status page.
JXL stores its sheets data, along with various user-level information (e.g. the most recently visited sheets), exclusively inside the customer's Jira site. This means that all customer data is stored by Jira, and therefore subject to all security measures and data residency management Atlassian provides (JXL for Jira Cloud), or the customer operates (JXL for Jira Data Center and Server).
All data transfer between the user's browser and the user's Jira site happens securely via HTTPS protocol.
With all customer data being stored in Jira, JXL utilises Atlassian's backup and data recovery features (JXL for Jira Cloud), or equivalent capabilities that the customer operates (JXL for Jira Data Center and Server).
As all data are exchanged directly between the customer's Jira site and the user's browser, no Fine Software employee, regardless of their role, has access to customer data at rest. Application logs are anonymised and don't contain any references to customer data.