Trust & Security Profile
Official Enterprise Assessment for Jira & Confluence Cloud
For highly regulated enterprise environments (financial services, healthcare, defense, and SaaS providers), approving third-party apps for Jira and Confluence Cloud is a massive compliance hurdle.
Legacy Atlassian Connect apps utilize vendor-hosted databases, meaning your private engineering backlogs and internal Confluence spaces must be mirrored to external servers. This exposes your company to supply-chain leaks, data leaks, and compliance violations.
"AppKeel applications utilize Atlassian Forge. Our applications operate exclusively inside Atlassian-managed serverless containers. Outbound data calls are 100% blocked, establishing a Zero-Egress profile."
Forge-Native Architecture: Zero Data Egress
Our apps are designed around data confinement. We do not transmit estimate metrics, user lists, roles, classifications, or documentation parameters outside your tenant.
No External DBs
Estimations and governance logs are stored strictly inside native Atlassian custom entities.
Network-Level Block
Egress endpoints are completely restricted at runtime, preventing background telemetry leaks.
Atlassian Marketplace Security Profile
To help Atlassian Platform Teams and InfoSec Officers bypass the standard 6-month evaluation timeline, we outline our official security assessment answers:
Is your app SOC2 or ISO27001 aligned?
Yes. Because our code executes entirely inside Atlassian's secure, compliant SOC2/ISO27001 infrastructure, all infrastructure-level security matches Atlassian's enterprise compliance profile.
Does AppKeel collect or store PII data?
No. All data used by the apps (estimates, team roles, classifications) is saved within Jira or Confluence Cloud custom entities. We do not access or collect any PII on our servers.
How are data residency guidelines handled?
Data residency parameters are inherited dynamically. If your Jira instance resides in the European Union, the app's databases are pinned to the EU automatically by Atlassian, meeting EU data boundary laws without extra setup.
Frequently Answered Security Questions
Q. How does AppKeel guarantee zero data egress?
All AppKeel applications are built natively on the Atlassian Forge framework. Under this serverless runtime architecture, outbound HTTP requests are strictly blocked at the sandboxed container level. This prevents any telemetry, analytics, or estimate details from leaving your secure Atlassian Cloud boundary.
Q. Where is my data stored when using AppKeel apps?
Your data is stored exclusively within your active Atlassian Cloud instance using Atlassian Forge custom entities. AppKeel does not run external databases, backup nodes, or storage servers, ensuring that your corporate intellectual property remains completely within your pre-approved data storage limits.
Q. Is a separate Data Processing Addendum (DPA) required under GDPR?
No separate DPA is required. Because our apps operate natively inside Atlassian serverless containers with no outbound traffic, AppKeel never receives or acts as a processor for your operational data. All data processing remains fully covered under your existing Atlassian Master Services Agreement and Atlassian DPA.
Q. Does AppKeel support Atlassian Data Residency?
Yes. Because AppKeel utilizes Atlassian custom entities for storage within your Atlassian container, your organization's active data residency configuration (such as pinning data to the EU, US, or other regions) is automatically inherited and enforced at the database level.
Fast-Track Your Internal Security Audit
If you need a formal compliance review, complete with official Atlassian Forge architectural whitepapers, reach out to our Systems Engineers:
