The short version:
Every NovaCraft Tools app runs entirely on Atlassian Forge. Your data never leaves
Atlassian's infrastructure. We operate no external servers, databases, or cloud services.
We cannot access your data.
Architecture: Forge-native by design
All three NovaCraft Tools apps (AutomationEngine, ChecklistPro, and TimeTracker Pro) are built on Atlassian's Forge platform. This is a deliberate architectural choice with direct security implications:
- No external infrastructure. We do not operate servers, databases, or any cloud resources. The app code runs in Forge's sandboxed runtime inside Atlassian's cloud.
- Forge Storage API only. All persistent data (checklists, time entries, automation rules, templates, settings) is stored using Forge's built-in storage, which lives within your Atlassian tenant.
- No egress. Forge restricts outbound network calls. Our apps make zero external network requests. There is no telemetry, no analytics endpoint, no webhook to an external service.
- Tenant isolation. Forge provides process-level isolation between tenants. Data from one Atlassian site is never accessible from another installation.
Permissions: principle of least privilege
We request only the Jira API scopes our apps actually need, and we have explicitly removed scopes we don't.
| Scope | Status | Why |
|---|---|---|
read:jira-work |
Requested | Read issue data for automation triggers, checklist context, and time entry association |
write:jira-work |
AutomationEngine only | ChecklistPro and TimeTracker Pro do not request it — their checklists and time entries live entirely in Forge Storage. AutomationEngine requests it solely to execute the rule actions you configure (such as auto-assigning or labeling issues); all app data still lives in Forge Storage. |
manage:jira-configuration |
Not requested | We don't modify your Jira configuration, workflows, or schemes |
How we scope
write:jira-work:
Apps with write:jira-work can modify issue fields, transitions, and worklogs.
ChecklistPro and TimeTracker Pro don't request it at all, so they cannot alter your Jira
data even if our code had a bug. AutomationEngine does request it — it has to, in
order to carry out the rule actions you configure — but it only acts when your own
rules tell it to, and all app data stays in Forge Storage inside your tenant.
Access controls
Every management operation in every NovaCraft Tools app is gated at two layers:
- Manifest-level gating. Admin pages and management resolvers are restricted to Jira administrators in the Forge manifest. This is enforced by Atlassian before our code runs.
- Server-side re-verification. Every resolver that writes data re-checks the caller's permissions at execution time, regardless of what the frontend UI shows. A forged or tampered frontend context cannot bypass server-side checks.
-
Read-path permission checks. Cross-issue reads (reports, search,
progress queries) enforce Jira's
BROWSEpermission so callers cannot enumerate data they wouldn't normally see.
Per-app access controls
| App | Admin functions | User functions |
|---|---|---|
| AutomationEngine | Create, edit, delete, enable/disable rules (admin-only) | View execution logs (admin-only) |
| ChecklistPro | Create, edit, delete templates (admin-only) | Add/toggle checklist items (issue-level, canViewIssue checked) |
| TimeTracker Pro | Settings, approver list, reports (admin-only) | Log time (own entries), submit timesheet; approve/reject (approver allowlist only) |
Data handling
- Encryption at rest: Forge Storage is encrypted at rest using Atlassian's encryption infrastructure.
- Encryption in transit: All communication between your browser, Atlassian's cloud, and the Forge runtime uses TLS.
- No backups on our side: We do not maintain copies of your data. Backups are handled by Atlassian's infrastructure.
- Uninstall = delete: Uninstalling a NovaCraft Tools app removes all associated Forge Storage data from your tenant.
- No AI/ML: We do not use your data for training, analytics, or any form of machine learning.
Compliance
By running on Forge, NovaCraft Tools inherits Atlassian's compliance posture:
- SOC 2 Type II — inherited from Atlassian Cloud
- ISO 27001 — inherited from Atlassian Cloud
- GDPR — no personal data processing beyond Atlassian account IDs; see our Privacy Policy
- CCPA — we do not sell personal information
- Atlassian Marketplace security review — all apps have passed Atlassian's automated and manual security review process
Input validation and safety
-
AutomationEngine: Sensitive-field denylist prevents
set_fieldfrom writingreporter,creator,security,summary,description, internal dotted paths, and underscore-prefixed fields. Enforced at save time and execute time. Per-rule execution timeout (10s) prevents runaway rules. -
ChecklistPro: Special characters (
:,/,.,\) rejected in template categories to prevent storage-key namespace aliasing. Item counts enforced per-checklist. - TimeTracker Pro: Optimistic-concurrency tokens on approve/reject/resubmit prevent race conditions. Max daily hours cap with timezone-aware boundary detection. Approver allowlist is fail-closed (empty list = no approvals possible).
Vendor information
| Detail | Value |
|---|---|
| Vendor name | NovaCraft Tools |
| Support email | [email protected] |
| Privacy inquiries | [email protected] |
| Legal | [email protected] |
| Support SLA | 48-hour response target (Standard); 4-hour Sev 1 response (Enterprise) |
| Privacy Policy | novacraft.tools/privacy |
| Terms of Service | novacraft.tools/terms |
Questions?
If you have security questions, need a completed security questionnaire, or want to discuss enterprise requirements, email us at [email protected].