⚡ Project Commander

Security

Last updated: June 2, 2026

This page describes how Project Commander protects your data. Project Commander is a planning and analysis app for Jira Cloud, built and hosted entirely on the Atlassian Forge platform.

1. Built on Atlassian Forge

Project Commander runs as a Forge app inside Atlassian's own cloud infrastructure. It has no separate servers of its own. This means:

  • The app's code runs in Atlassian's secure, sandboxed Forge runtime
  • The app inherits Atlassian's platform-level security controls, hosting, and compliance posture
  • There is no external backend operated by us where your Jira data could be copied or exposed

2. Data Storage and Isolation

All data the app stores is held in Atlassian Forge storage. It is isolated to your Jira instance and scoped to your Atlassian account.

  • Your Jira data is never copied out. Issues, sprints, and board data are read in real time through Atlassian's secure APIs and are not stored by the app outside Atlassian.
  • App-created content — team capacity settings, risks, action items, retrospective notes, governance policies, portfolio lists, velocity history, sprint snapshots, and per-user preferences — is stored in Forge storage and stays within Atlassian.
  • No external database. Project Commander does not use any database or storage service outside Atlassian.

3. Encryption

  • In transit: All communication uses HTTPS/TLS encryption.
  • API keys at rest: If you configure an optional AI provider key, it is stored using Forge's encrypted secret storage, separate from regular app storage, and is only retrieved server-side at the moment an AI request is sent.
  • At rest: All other app data is protected by Atlassian Forge's platform-level encryption of stored data.

4. Access Control and Least Privilege

The app requests only the Jira permissions it needs to do its job — reading sprints, issues, boards, projects, and user display names, and writing sprint and issue changes you make through the app. Access to your data inside the app is governed by your existing Jira permissions: users only see what their Jira account already allows them to see.

5. Data Egress

Project Commander sends data outside Atlassian in only one situation: the optional AI features, and only when you have enabled them by supplying your own AI provider key. When triggered, planning context is sent to the provider you chose (Anthropic, OpenAI, or Google) so it can generate a response. The app does not send issue descriptions, comments, or attachments, and it does not log or retain prompts or responses. There is no analytics, tracking, or telemetry of any kind. If no AI key is configured, no data ever leaves Atlassian. Full details are in our Privacy Policy.

6. Personal Data Handling

Project Commander implements Atlassian's personal-data reporting process. On a regular schedule it reports to Atlassian which Atlassian accounts it holds data for. When Atlassian notifies the app that an account has been closed, the app automatically erases that person's stored data; when an account's details change, the app refreshes them so it does not keep stale copies.

7. Data Retention and Deletion

App data persists until you remove it through the app or uninstall the app. Uninstalling Project Commander deletes everything it stored in Forge storage — configuration, team capacity, velocity history, snapshots, risks, action items, retrospectives, governance and portfolio data, alert dismissals, the AI enrichment cache, and your AI API key.

8. Website Security

This website applies standard hardening, including a Content Security Policy, clickjacking protection, MIME-type sniffing protection, and a strict referrer policy. The website does not collect personal data.

9. Reporting a Security Issue

We take security reports seriously and will respond promptly. If you believe you have found a vulnerability or have a security concern about Project Commander, please contact us using the details below. Please include enough detail to reproduce the issue, and give us a reasonable opportunity to address it before any public disclosure.

Security Contact

To report a security issue or ask a security question, email us:

Email: support@projectcommander.app


© 2026 Project Commander. Built for Jira Cloud.