Effective date: 10 May 2026 Last updated: 10 May 2026
This Security Policy describes how the BulkOps for Jira application (“BulkOps”, “the App”) is built, deployed, and maintained from a security standpoint, and how to report a security issue to us.
The App is published by IT Superhighway Inc. (“we”, “us”). It is distributed exclusively through the Atlassian Marketplace and runs on the Atlassian Forge platform.
BulkOps is a pure Atlassian Forge app. It has no servers, infrastructure, or storage operated by IT Superhighway Inc.
Because BulkOps inherits the security properties of the Forge platform, it benefits from Atlassian’s underlying controls including infrastructure security, network segmentation, encryption at rest, vulnerability management of the runtime, and physical data-centre security. See the Atlassian Trust Center and Forge security model for details on the platform layer.
| Data | Location | Encryption |
|---|---|---|
| App-persisted data (presets, scheduled operations, audit logs) | Atlassian Forge KVS | At rest by Atlassian; in transit by TLS |
| In-memory issue data during a bulk operation | Forge runtime sandbox | In transit by TLS; not persisted by the App |
| Authentication tokens / credentials | Not stored. The App does not handle credentials directly. | n/a |
The App processes only data that the signed-in user is already authorised to access in Jira. It does not export data, replicate data outside the Forge environment, or share data with third parties.
For a complete description of what data is stored and for how long, see the Privacy Policy.
manifest.yml):
read:jira-workwrite:jira-workstorage:app