Security

SynapseWorks is built on Atlassian Forge with a security-first posture. Data moves through a narrow, auditable path.

Security contact

Email: [email protected]

Data flow

• Jira → Forge: Issue context and appUserToken remain inside Atlassian's cloud.
• Forge → SynapseWorks backend: Scoped request to generate BDD scenarios and prepare subtasks.
• SynapseWorks backend → Jira: Subtasks are created in your project; results are returned to the Forge UI.

Logging and token handling

• No Jira credentials are stored; authentication uses Forge-issued appUserToken and scoped permissions.
• Operational logs exclude secrets and are retained only for troubleshooting and security review.
• Transport is enforced over TLS; access to processing services is limited to required scopes.

Responsible disclosure

If you discover a vulnerability, please contact [email protected] with details and steps to reproduce. We request a reasonable time to investigate and remediate before public disclosure.