Security Policy

1. Scope

This Security Policy applies to all applications developed and published by Apportunity UG (haftungsbeschränkt) for the Atlassian Marketplace, unless explicitly stated otherwise in product-specific documentation.

This policy reflects the default architecture of our applications, which are primarily built on the Atlassian Forge platform. Certain applications may include additional features or integrations, which will be clearly documented in the respective product documentation.

2. Infrastructure

Our applications are built on the Atlassian Forge platform and operate as extensions within the Atlassian Cloud environment.

Applications are designed to run within Atlassian-managed infrastructure and do not intentionally use external servers, databases, or third-party infrastructure unless explicitly documented.

All compute and storage operations are primarily performed within infrastructure provided by Atlassian Forge.

3. Data Handling

Data Processing

Our applications process data within the context of the Atlassian platform and in accordance with the permissions granted by the user and/or administrator.

Data Egress

Our applications are designed not to transmit customer data outside of Atlassian infrastructure. Any exceptions (for example, integrations, external APIs, or optional features) will be clearly documented in the respective product documentation.

Data Residency

Data is stored and processed within Atlassian-managed infrastructure. Data residency, storage location, and related controls are governed by Atlassian Cloud policies.

Telemetry, Logs, and Usage Data

Our applications may collect limited technical data such as telemetry, logs, and usage statistics for purposes including:

  • maintaining and improving application performance
  • troubleshooting and error resolution
  • ensuring security, integrity, and reliability

Such data is designed, where reasonably possible, to avoid inclusion of sensitive customer content.

Where telemetry or logging involves processing outside Atlassian infrastructure, this will be explicitly documented. Any such processing will be performed in accordance with applicable data protection laws and our Privacy Policy.

Access to Data

We do not intentionally access customer data outside of what is required for the application’s functionality.

Access may occur only where necessary for support, troubleshooting, security, or legal compliance purposes, and only with appropriate authorization and safeguards.

4. Security Model

Platform Security

Our applications rely on the security controls provided by the Atlassian Forge platform, including authentication, authorization, and sandboxing.

Least Privilege Principle

Our applications request only the permissions necessary to deliver their intended functionality.

Shared Responsibility

Security is a shared responsibility between Atlassian, the customer, and Apportunity UG (haftungsbeschränkt). Each party is responsible for the controls within their respective scope.

5. Maintenance and Updates

We deploy updates, improvements, and security patches through the Atlassian Forge platform.

We make commercially reasonable efforts to identify and address security vulnerabilities in a timely manner. However, we do not guarantee uninterrupted, timely, or error-free operation.

6. Product-Specific Security Notes

Some applications may include features that differ from the default architecture described in this policy (for example, external integrations or additional data processing).

In such cases, relevant security and data handling details will be provided in the corresponding product documentation.

7. Limitations and Disclaimer

While our applications are designed in accordance with industry best practices, no system can be guaranteed to be completely secure.

To the maximum extent permitted by applicable law, Apportunity UG (haftungsbeschränkt) disclaims all warranties, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

To the extent permitted by law, Apportunity UG (haftungsbeschränkt) shall not be liable for:

  • vulnerabilities, incidents, or failures within Atlassian Cloud infrastructure
  • customer misconfiguration, misuse, or unauthorized use of the applications
  • failures or actions of third-party systems or services outside our control
  • indirect, incidental, consequential, special, or punitive damages, including loss of data, revenue, or business opportunities

Nothing in this policy excludes or limits liability where such limitation is not permitted under applicable law.

8. Changes to This Policy

We may update this Security Policy from time to time.

The latest version will always be available on our official website. Continued use of our applications constitutes acceptance of the updated policy.

9. Contact and Security Reporting

For security-related questions, concerns, or vulnerability reports, please contact:

We make reasonable efforts to review and address legitimate security reports in a timely manner.