Security Statement

AutoPrioritizer AI for Jira Cloud

Last updated: April 22, 2026

Architecture Overview

AutoPrioritizer AI is built on Atlassian Forge, Atlassian's serverless app platform. The App runs entirely within Atlassian's infrastructure. There are no external servers, databases, or hosting environments owned or operated by us.

Runtime: Forge functions execute in Atlassian-managed Node.js sandboxed environments (Node.js 22.x).
Frontend: The UI is a Forge Custom UI app served from Atlassian's CDN as static assets.
Storage: All persistent data is stored in Forge Key-Value Store (KVS), an Atlassian-managed, tenant-isolated storage service.
External communication: The only external network call is to Anthropic's Claude API (api.anthropic.com) for AI analysis.

Because the App runs on Forge, we do not manage servers, containers, networking, TLS certificates, or infrastructure patching. Atlassian handles all of this as part of the Forge platform.

Data Flow

The following describes the complete data flow for a prioritization request:

User action (browser)
    |
    v
Forge Custom UI -> Forge Resolver Function
    |                    |
    |                    |-- Reads issue data from Jira (internal Forge-to-Jira call)
    |                    |-- Reads profile/config from Forge KVS
    |                    |-- Sends ticket fields + criteria to Anthropic API (HTTPS)
    |                    |-- Receives AI recommendation from Anthropic API
    |                    |-- Returns recommendation to frontend for user review
    |                    |
    |                    +-- (On user approval) Writes priority field to Jira issue
    v
User sees recommendation, decides whether to apply

Key points:

Ticket data flows from Jira to the Forge function to Anthropic and back. It is never persisted by the App.
The AI response is returned to the user's browser for review. It is not stored.
Priority updates are written back to Jira only when the user explicitly approves them (or when auto-prioritize is enabled by an administrator).

Authentication and Authorization

Jira API Access

The App uses Forge's built-in asApp() authentication mechanism to access the Jira REST API. This means:

The App authenticates as itself (not as a user) using Forge-managed credentials.
No user credentials, OAuth tokens, or Basic auth headers are handled by our code.
Forge manages all token issuance, rotation, and revocation.

Anthropic API Access

The Anthropic API key is provided by the Jira administrator and stored as a Forge encrypted environment variable (set via forge variables set).
The key is available only to backend Forge functions at runtime via process.env. It is never sent to the frontend, never included in API responses to the browser, and never logged.
The key is used solely to authenticate outbound requests to api.anthropic.com.

No Shared Secrets

No API keys, tokens, or secrets are hardcoded in the App's source code.
No credentials are exposed to the frontend Custom UI.
No Basic authentication is used for any purpose.

Data at Rest

The only data persisted by the App is stored in Forge KVS, scoped to the installing Jira instance:

Data	Storage Key Pattern	Contents
Prioritization profile	`profile-{projectKey}`	Criteria weights (numeric), team context (text), priority descriptions (text), custom rules (text), auto-prioritize toggle (boolean)
Quick filters	`filters-{projectKey}`	Array of saved JQL filter snippets and labels
Usage statistics	`stats-{projectKey}`	Total count, monthly usage counts, session history (timestamps and counts), monthly active user lists (account IDs for quota calculation)

What is NOT stored:

Ticket content (summaries, descriptions, comments) -- never stored.
AI responses (priority recommendations, reasoning) -- never stored.
Anthropic API key -- stored by Forge as an encrypted environment variable, not in KVS.
User credentials or session tokens -- managed entirely by Forge/Atlassian.

Forge KVS data is encrypted at rest by Atlassian and is tenant-isolated. For details, see Atlassian Forge data storage documentation.

Data in Transit

All network communication uses encrypted channels:

Path	Protocol	Details
Browser to Forge UI	HTTPS	Standard Atlassian-managed TLS
Forge function to Jira API	Internal	Forge-to-Jira calls are internal to Atlassian's infrastructure and do not traverse the public internet
Forge function to Anthropic API	HTTPS/TLS	Outbound request to `api.anthropic.com` over TLS 1.2+

No data is transmitted over unencrypted channels.

Input Sanitization

The App sanitizes all Jira issue data before sending it to the Anthropic API:

HTML stripping: All HTML tags are removed from descriptions and comments using regex-based stripping before transmission.
Whitespace normalization: Consecutive whitespace is collapsed to single spaces.
Description truncation: Issue descriptions are truncated to 2,000 characters maximum.
Comment truncation: Individual comments are truncated to 600 characters maximum.
Comment limiting: Only the 3 most recent comments are included per issue.
Batch size limiting: Batch requests process a maximum of 15 issues per API call and 100 issues per search query.

These measures reduce the risk of prompt injection, limit data exposure, and keep API payloads to the minimum necessary for analysis.

Permissions

The App requests the minimum Atlassian scopes required for its functionality:

Scope	Purpose	How It Is Used
`read:jira-work`	Read issue fields for AI analysis	Reads summary, description, labels, components, issue type, priority, status, and comments. Used during prioritization requests and issue searches.
`write:jira-work`	Update issue priority	Writes only to the `priority` field on Jira issues. No other fields are modified. All writes require explicit user approval (or admin-enabled auto-prioritize).
`storage:app`	Persist App configuration	Stores prioritization profiles, quick filters, and usage statistics in Forge KVS.

External fetch permissions

The App is authorized to make outbound HTTP requests only to:

api.anthropic.com -- Anthropic's Claude API for AI analysis.

No other external domains are contacted. This is enforced by the Forge platform based on the App's manifest declaration.

Third-Party Dependencies

Dependency	Purpose	Data Shared
Anthropic Claude API	AI-powered ticket analysis	Issue fields (summary, description, labels, components, comments, type, status, current priority) and team prioritization criteria

What is NOT used:

No analytics or telemetry services.
No advertising or tracking pixels.
No error reporting services that transmit data externally.
No CDNs or asset hosts beyond Atlassian's Forge infrastructure.

Anthropic does not use API inputs or outputs to train its models (per their API Terms of Service).

Forge Security Model

Because the App runs on Atlassian Forge, it benefits from Forge's built-in security controls:

Sandboxed execution: Forge functions run in isolated, stateless containers managed by Atlassian.
Permission enforcement: Scopes declared in the manifest are enforced by the Forge runtime. The App cannot access APIs or data beyond its declared permissions.
Egress control: Outbound network requests are restricted to domains explicitly listed in the manifest (api.anthropic.com only).
Tenant isolation: Forge KVS data is isolated per Atlassian site. One customer's data cannot be accessed by another.
Automatic updates: The Forge platform handles runtime security patches and Node.js updates.

Vulnerability Reporting

If you discover a security vulnerability in AutoPrioritizer AI, please report it responsibly:

Email: support@autoprioritizer.app
Subject line: Security Vulnerability -- AutoPrioritizer AI

Please include:

A description of the vulnerability.
Steps to reproduce, if applicable.
Any relevant screenshots or logs (with sensitive data redacted).

We will acknowledge receipt within 48 hours and work to address confirmed vulnerabilities promptly. We ask that you not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

For vulnerabilities in the Atlassian Forge platform itself, please report them through Atlassian's security bug bounty program.

Contact

For security-related questions or concerns:

AutoPrioritizer
Email: support@autoprioritizer.app