Embedded Files
- Data Handling Principles
Zero Solutions applications follow strict data minimization principles.
Our applications:
Do not log customer data
Do not store data outside of Atlassian systems
Do not transmit data to external services
Do not share data with third parties
Do not sell customer data
All application functionality is designed to operate entirely within the Atlassian platform.
- Atlassian Forge Security Model
Zero Solutions applications are built using the Atlassian Forge platform.
Forge provides a secure execution environment with the following protections:
Isolation from customer infrastructure
Managed identity and authentication
Fine-grained API permission controls
Atlassian-hosted storage (when used)
Enforcement of scoped access via OAuth 2.0
By leveraging Forge, applications inherit Atlassian’s security controls and infrastructure protections.
- Data Storage and Processing
Zero Solutions does not operate external databases, logging systems, or data pipelines for application data.
Where storage is required, applications rely exclusively on Atlassian-hosted storage mechanisms.
No customer data is stored, processed, or transmitted outside of Atlassian systems.
- Compliance (GDPR, CCPA)
Zero Solutions applications are designed to support compliance with major data protection regulations, including:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Because our applications do not collect, store, or process personal data outside of Atlassian systems:
We do not act as a data processor or data controller for customer data
We do not maintain independent data stores containing personal information
We do not transfer data across systems or jurisdictions
All data handling remains within Atlassian’s infrastructure, which is responsible for regulatory compliance and data protection controls.
- Security Controls
Zero Solutions follows industry-standard security practices during development and deployment.
These include:
Principle of least privilege for API scopes
Secure handling of authentication and authorization
Dependency management and regular updates of third-party libraries
Code reviews and controlled deployment processes
Avoidance of unnecessary data access or persistence
Applications are designed to minimize attack surface and reduce exposure to security risks.
- Vulnerability Management
We monitor and maintain application dependencies to address known vulnerabilities.
This includes:
Regular updates to third-party packages
Applying security patches when vulnerabilities are identified
Reviewing dependency advisories and ecosystem alerts
Updates may be deployed without prior notice as part of ongoing maintenance.
- Incident Response
If a security issue or vulnerability is identified, Zero Solutions will:
Investigate the issue
Assess potential impact
Apply remediation as appropriate
Response and remediation are handled on a best-effort basis.
For additional details regarding response expectations, refer to the Service Level Agreement (SLA).
- No External Data Submission
Zero Solutions applications do not send data to external systems, APIs, or services.
There are no:
External analytics tools
Third-party data processors
External logging systems
Outbound data pipelines
All operations occur within Atlassian-managed infrastructure.
- Customer Responsibilities
Customers are responsible for:
Managing access controls within their Atlassian environment
Reviewing application permissions before installation
- Ensuring internal compliance requirements are met
Zero Solutions provides tools that operate within Atlassian, but does not control customer environments or configurations.
- Updates to this Policy
This Security Policy may be updated periodically to reflect changes in our applications or practices.
Updates will be posted on this page.
- Contact
Security inquiries and vulnerability reports: support@zerosolutions.dev
Page updated
Report abuse