Jira Reminders — Security & Privacy¶
Jira Reminders takes the security and privacy of your data seriously. This document outlines the permissions we request, the information we store, and the internal security controls we maintain.
1. Permissions We Request¶
1.1 Slack Account Permissions¶
| Scope Name | Purpose |
|---|---|
commands |
Add the “Create a Reminder” shortcut. |
chat:write.public, chat:write |
Post reminder messages in public channels and private channels where the app is invited. |
users:read |
Read user timezones to send scheduled messages in their local timezone. |
users:read.email |
Read users and email addresses in Slack to match their Jira accounts. |
im:history |
Read messages in direct messages between users and Jira Reminders (e.g., “help”). |
links:read, links:write |
Detect posted Atlassian URLs and display previews. |
1.2 Jira Account Permissions¶
| Scope Name | Purpose |
|---|---|
Jira-work read |
Read issue data and perform queries needed for configured reminders. |
jira-user |
Read user name and ID information. |
2. Information We Store¶
All customer data is encrypted in transit and at rest, and securely stored on our hosting provider’s infrastructure for redundancy and availability.
| Data | Purpose |
|---|---|
| User’s name | Address users by name in emails. |
| Email address | Billing emails, welcome messages, and communication. |
| Workspace name | Display connection information on jirareminders.com. |
| Jira domain name | Display connection information on jirareminders.com. |
| Reminder configuration (Jira project key, name) | Display and manage reminder configuration. |
| Timezone | Schedule reminders in the local timezone. |
| Custom JQL query | Query Jira based on the user’s configuration. |
Note: We do not store any Jira issue data in persistent storage. Issue data is processed in memory only.
3. Internal Security Practices¶
Jira Reminders maintains practical but robust security controls appropriate for a focused, dedicated operation.
3.1 Incident Handling¶
- Continuous monitoring of service availability and errors.
- Defined procedures to address potential security or service issues.
- Documentation of incidents and remediation actions.
- Customer notifications if data is affected.
3.2 Access Control¶
- Only authorized credentials can access operational systems.
- Multi-factor authentication enabled wherever possible.
- Access restricted to the minimum necessary for maintaining the service.
3.3 Data Backup & Recovery¶
- Regular backups of configuration and essential operational data.
- Backups stored securely with redundancy.
- Procedures in place to restore service in case of outages.
3.4 Development & Operations¶
- Code is reviewed and tested before deployment.
- Sensitive credentials are securely managed.
- Logs maintained for debugging, monitoring, and security.
3.5 Vendor & Third-Party Services¶
- Hosting provider, Slack, Jira, and OpenAI are trusted vendors with strong security practices.
- Data shared with these services is limited to what is required for functionality.
3.6 Privacy Practices¶
- Data collection is minimized to only what is required for service operation.
- Customers can request export or deletion of configuration data.
- AI features using OpenAI do not retain data after generating outputs.
4. Data Archiving or Removal¶
Customers may request deletion of stored configuration data at any time by emailing support@jirareminders.com.
Jira issue data is never stored in persistent storage.
5. Contact Information¶
For privacy or security inquiries:
- Support: support@jirareminders.com
- Data Protection Officer (DPO): dpo@jirareminders.com