Last updated June 2, 2026
AdminLedger for Jira Security Policy
AdminLedger for Jira is a Forge app by Elevara. This policy summarizes the app's current security posture and how customers can report security concerns.
Architecture
- AdminLedger is hosted on Atlassian Forge.
- The app does not use an external Elevara backend in v1.
- The app does not call external AI services in v1.
- The app does not expose remote REST APIs for third-party integrations.
- App permissions are declared through the Forge manifest and Atlassian OAuth scopes.
Data Handling
AdminLedger processes Jira administration metadata and optional Confluence report metadata to create admin review findings, CSV exports, scan history, and optional Confluence reports.
- App settings, latest scan reports, and recent scan summaries are stored in Forge storage.
- Recent scan history is capped at 12 summaries.
- AdminLedger does not intentionally collect Jira issue body content, attachments, passwords, payment card data, or external customer system data.
- AdminLedger v1 does not send customer data to external analytics tools, external AI services, or third-party infrastructure.
Access And Secrets
- AdminLedger uses Atlassian Forge authentication and authorization.
- The app does not require customers or end users to provide Atlassian Personal Access Tokens, passwords, or shared secrets.
- AdminLedger v1 is report-first and non-destructive. It does not delete fields, change permissions, remove users, rewrite workflows, or take automatic cleanup actions.
Vulnerability Management
Elevara reviews dependency and app security issues before public releases. Security reports are triaged by severity, and confirmed critical issues are prioritized for remediation.
- Critical security reports should receive initial acknowledgement within two business days.
- Confirmed critical issues are remediated as quickly as practical.
- Release notes will mention security-relevant customer action when applicable.
Report A Security Issue
To report a security concern, use the Elevara support form and choose the security-related subject. Please include a clear description, reproduction steps, affected site or app context where safe to share, and your contact information.