@Akrabut
Created March 9, 2026 19:19
Jira Permission Auditor legal and support documents

End User Terms

Last updated: 2026-03-09

These End User Terms govern use of Jira Permission Auditor.

1. License Grant

Subject to an active Atlassian Marketplace license and these terms, you may use Jira Permission Auditor for your internal business purposes with supported Jira Cloud sites.

2. Restrictions

You may not:

  • copy, resell, sublicense, or distribute the app except as allowed by law
  • reverse engineer or attempt to extract source code except where that restriction is unenforceable
  • use the app to violate Atlassian terms, law, or the rights of others
  • interfere with the app, Forge platform limits, or Atlassian services

3. Customer Responsibilities

You are responsible for:

  • maintaining valid Jira Cloud and Atlassian Marketplace access
  • controlling who can access Jira admin functions in your site
  • reviewing exported reports before sharing them outside your organization
  • configuring scan schedules and retention to match your compliance needs

4. Support

Support is provided by email at workaroundapps1@gmail.com. The support process is described at https://gist.github.com/Akrabut/88901a12a2b95058e39e1e8b9367280c#file-support-md.

5. Data and Privacy

Use of the app is also governed by the Privacy Policy at https://gist.github.com/Akrabut/88901a12a2b95058e39e1e8b9367280c#file-privacy-policy-md.

6. Availability and Changes

The app is provided on an "as available" basis. Features may change, improve, or be removed as the product evolves, including changes required by Atlassian platform policies or security obligations.

7. Warranty Disclaimer

To the maximum extent permitted by law, the app is provided without warranties of any kind, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

8. Limitation of Liability

To the maximum extent permitted by law, liability arising out of or related to the app will be limited to the amount paid for the applicable license period preceding the event giving rise to the claim. In no event will liability include indirect, incidental, special, consequential, exemplary, or punitive damages, or loss of profits, revenue, goodwill, or data.

9. Termination

These terms end when your Marketplace license ends or your use of the app stops. Sections that reasonably should survive termination remain in effect.

10. Contact

Questions about these terms can be sent to workaroundapps1@gmail.com.

Privacy Policy

Last updated: 2026-03-09

This Privacy Policy applies to Jira Permission Auditor, an Atlassian Forge app published for Jira Cloud.

1. Controller and Contact

2. Data We Process

The app processes and stores data needed to audit Jira permissions and explain why access was granted. This includes:

  • Jira account IDs and display names
  • Jira group memberships and project-role actor mappings
  • effective permission results, permission change history, and anomaly records
  • app configuration, scan metadata, export-history entries, and admin action audit logs

The app is read-only with respect to Jira configuration. It does not change Jira permissions.

3. Why We Process This Data

We process this data to:

  • build cached permission snapshots for the dashboard
  • generate CSV and PDF audit exports
  • detect permission anomalies and changes between scans
  • provide operational audit trails for admin actions performed inside the app

4. Where Data Is Stored

The app stores data in Atlassian Forge hosted storage:

  • Forge SQL for permission snapshots, lookups, changes, anomalies, and staging tables
  • Forge KVS for configuration, scan metadata, and lightweight audit logs

The app does not intentionally send customer data to external third-party processors.

5. Retention

  • Scan snapshots are retained according to the in-app retention setting.
  • Configuration and audit metadata are retained until changed, deleted through product behavior, or removed as part of privacy maintenance.
  • After uninstall, Forge hosted storage may remain recoverable for a limited Atlassian-managed retention window before permanent deletion.

6. Atlassian Personal Data Reporting

Because the app stores Jira account IDs and display names, it uses Atlassian's privacy reporting flow for stored personal data.

The app periodically:

  • reports stored Atlassian account IDs to Atlassian's privacy API
  • erases stored data for accounts that Atlassian marks as closed
  • erases stored data for accounts that Atlassian marks as updated, so a later scan can repopulate current data from Jira

7. Security

The app runs on Atlassian Forge and uses Atlassian authentication and authorization boundaries. Access to admin-only operations is restricted to Jira admins, and permission scanning uses app-authenticated Jira APIs.

Security contact: workaroundapps1@gmail.com

8. Your Choices and Requests

If you need help with privacy questions related to this app, contact workaroundapps1@gmail.com and include:

  • your Jira site URL
  • the app environment involved
  • the affected Atlassian account ID, if known
  • the request type or issue observed

9. Changes

If this policy changes materially, the updated version will be published with a new "Last updated" date.

Security Contact And Disclosure Policy

Last updated: 2026-03-09

Security contact: workaroundapps1@gmail.com

Reporting

Please report suspected vulnerabilities by email and include:

  • affected Jira site or environment
  • reproduction steps
  • impact assessment
  • logs, screenshots, or proof of concept if available

Handling

  • We will acknowledge receipt as soon as reasonably possible.
  • We will investigate, reproduce, and prioritize based on severity and customer impact.
  • We may request additional detail to validate the report.

Disclosure Expectations

Please do not publicly disclose a suspected vulnerability until we have had a reasonable opportunity to investigate and, if needed, ship a fix or mitigation.

Scope Notes

Jira Permission Auditor is a read-only Forge app. It relies on Atlassian Forge hosting, Jira Cloud authentication, and Atlassian-managed infrastructure boundaries for major parts of its runtime security model.

Support

Last updated: 2026-03-09

Support contact: workaroundapps1@gmail.com

Scope

Support covers:

  • installation and upgrade issues
  • license-state issues
  • scan failures and unexpected app errors
  • export problems
  • questions about documented product behavior

Response Targets

  • Critical production issue: best effort same business day
  • Standard support request: within 2 business days

What To Include

Please include:

  • Jira site URL
  • environment (staging or production, if known)
  • app page involved
  • timestamp of the issue
  • screenshot or exported error text
  • relevant Atlassian account ID if the issue is user-specific

Exclusions

Support does not include custom feature development, custom compliance advice, or direct administration of your Jira site.
