The short version:
Every NovaCraft Tools app runs entirely on Atlassian Forge. Your data never leaves Atlassian's infrastructure. We operate no external servers, databases, or cloud services. We cannot access your data.
Architecture: Forge-native by design
All three NovaCraft Tools apps (AutomationEngine, ChecklistPro, and TimeTracker Pro) are built on Atlassian's Forge platform. This is a deliberate architectural choice with direct security implications:
- No external infrastructure. We do not operate servers, databases, or any cloud resources. The app code runs in Forge's sandboxed runtime inside Atlassian's cloud.
- Forge Storage API only. All persistent data (checklists, time entries, automation rules, templates, settings) is stored using Forge's built-in storage, which lives within your Atlassian tenant.
- No egress. Forge restricts outbound network calls. Our apps make zero external network requests. There is no telemetry, no analytics endpoint, no webhook to an external service.
- Tenant isolation. Forge provides process-level isolation between tenants. Data from one Atlassian site is never accessible from another installation.
Permissions: principle of least privilege
We request only the Jira API scopes our apps actually need, and we have explicitly removed scopes we don't.
| Scope | Status | Why |
|---|---|---|
read:jira-work |
Requested | Read issue data for automation triggers, checklist context, and time entry association |
write:jira-work |
Not requested | None of our apps modify your Jira issues. Checklists, time entries, and automation data live in Forge Storage. |
manage:jira-configuration |
Not requested | We don't modify your Jira configuration, workflows, or schemes |
Why "no write:jira-work" matters:
Apps with
write:jira-work can modify issue fields, transitions, and worklogs across your entire Jira instance. By not requesting this scope, NovaCraft Tools cannot alter your Jira data even if our code had a bug. This is a security boundary, not a feature gap.
Access controls
Every management operation in every NovaCraft Tools app is gated at two layers:
- Manifest-level gating. Admin pages and management resolvers are restricted to Jira administrators in the Forge manifest. This is enforced by Atlassian before our code runs.
- Server-side re-verification. Every resolver that writes data re-checks the caller's permissions at execution time, regardless of what the frontend UI shows. A forged or tampered frontend context cannot bypass server-side checks.
- Read-path permission checks. Cross-issue reads (reports, search, progress queries) enforce Jira's
BROWSEpermission so callers cannot enumerate data they wouldn't normally see.
Per-app access controls
| App | Admin functions | User functions |
|---|---|---|
| AutomationEngine | Create, edit, delete, enable/disable rules (admin-only) | View execution logs (admin-only) |
| ChecklistPro | Create, edit, delete templates (admin-only) | Add/toggle checklist items (issue-level, canViewIssue checked) |
| TimeTracker Pro | Settings, approver list, reports (admin-only) | Log time (own entries), submit timesheet; approve/reject (approver allowlist only) |
Data handling
- Encryption at rest: Forge Storage is encrypted at rest using Atlassian's encryption infrastructure.
- Encryption in transit: All communication between your browser, Atlassian's cloud, and the Forge runtime uses TLS.
- No backups on our side: We do not maintain copies of your data. Backups are handled by Atlassian's infrastructure.
- Uninstall = delete: Uninstalling a NovaCraft Tools app removes all associated Forge Storage data from your tenant.
- No AI/ML: We do not use your data for training, analytics, or any form of machine learning.
Compliance
By running on Forge, NovaCraft Tools inherits Atlassian's compliance posture:
- SOC 2 Type II — inherited from Atlassian Cloud
- ISO 27001 — inherited from Atlassian Cloud
- GDPR — no personal data processing beyond Atlassian account IDs; see our Privacy Policy
- CCPA — we do not sell personal information
- Atlassian Marketplace security review — all apps are built to Atlassian's Marketplace security review requirements (automated scans + manual review) and will pass review prior to public listing
Input validation and safety
- AutomationEngine: Sensitive-field denylist prevents
set_fieldfrom writingreporter,creator,security,summary,description, internal dotted paths, and underscore-prefixed fields. Enforced at save time and execute time. Per-rule execution timeout (10s) prevents runaway rules. - ChecklistPro: Special characters (
:,/,.,\) rejected in template categories to prevent storage-key namespace aliasing. Item counts enforced per-checklist. - TimeTracker Pro: Optimistic-concurrency tokens on approve/reject/resubmit prevent race conditions. Max daily hours cap with timezone-aware boundary detection. Approver allowlist is fail-closed (empty list = no approvals possible).
Vendor information
| Detail | Value |
|---|---|
| Vendor name | NovaCraft Tools |
| Country | United States |
| Governing law | United States — jurisdiction stated in the Terms of Service |
| Support hours | US business hours (Monday–Friday), with 48-hour response target globally |
| Support email | [email protected] |
| Privacy inquiries | [email protected] |
| Legal | [email protected] |
| Support SLA | 48-hour response target (Standard); 4-hour Sev 1 response (Enterprise) |
| Privacy Policy | novacraft.tools/privacy |
| Terms of Service | novacraft.tools/terms |
Questions?
If you have security questions, need a completed security questionnaire, or want to discuss enterprise requirements, email us at [email protected].