Security Overview

Discord for Jira is built with security as a core principle. We follow a defense-in-depth approach to protect your data.

Infrastructure

Discord for Jira runs on Microsoft Azure with isolated production and development environments. All data is stored in Azure SQL Database with encryption at rest, automated backups, and network isolation.

Credentials and secrets are stored in Azure Key Vault - never in source code. Production uses managed identity authentication. Application Insights provides monitoring with automatic log sanitization to prevent sensitive data exposure.

Authentication

System            Method
Jira requests     JWT with per-installation symmetric keys
Discord commands  Ed25519 signature verification
User linking      OAuth 2.0 with minimal scopes

The app inherits Jira's permission model - if a user can't access a project in Jira, they can't access it through Discord. Discord role-based access control adds another layer for command permissions.

Data Handling

We store only what's necessary: IDs, configuration, and metadata. Issue content stays in Jira. Discord message content is not cached (except temporarily for AI-powered field suggestions).

All communication uses HTTPS with TLS 1.2+. JWT parameters and tokens are stripped from logs before storage. We use Jira account IDs rather than names or emails in telemetry.

Atlassian Marketplace

As a Marketplace app, Discord for Jira undergoes Atlassian's security review process and must comply with their security standards. The permission model is transparent - you can see exactly what access the app requests during installation.

GDPR & Compliance

We're fully GDPR compliant. User data can be deleted on request, and we offer a Data Processing Agreement for customers who need it. Data is stored in Azure's EU regions following Atlassian Cloud data residency policies.

See our Privacy Policy for complete details.

Reporting Vulnerabilities

Found a security issue? Email contact@firnity.com with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact

We aim to respond within 48 hours.