Your data never leaves Atlassian.
Our apps run entirely inside Atlassian Forge. That isn't a slogan. It's an architectural fact, and the consequences for your data are concrete.
Six guarantees, all enforced by the platform.
Each commitment below is enforced by Atlassian's Forge runtime, not just a policy we hope to follow.
Read-only across all Jira data
Our apps cannot create, modify, or delete any entity in your Jira instance. The Forge manifest declares only read scopes; the platform enforces the rest.
No external network calls
We make zero requests to any third-party endpoint. Your data has no path out of your Atlassian Cloud tenancy because no such path exists in our code.
Data stays inside your tenancy
All processing happens within Atlassian's cloud infrastructure on your account. We don't operate servers that touch your data. Forge does.
Credentials we never see
OAuth tokens and credentials are managed entirely by the Forge runtime. As the app developer, we have no access to your authentication material.
Encrypted at rest and in transit
State is held in Atlassian Forge Key-Value Storage, which is encrypted at rest. All connections use HTTPS via Forge's managed platform.
Aggregates only, never PII
We store risk scores, configuration, and timestamps. We never store raw issue content, comments, descriptions, or any personally identifiable information.
Inherited from Atlassian Forge.
Our apps run on Atlassian's certified infrastructure, inheriting the platform's compliance posture.
A signal for conversations, not a verdict on people.
Designed for team health.
IWRI scores describe project-level patterns over completed sprints. They are screening signals to spark useful conversations between teams and leaders, not diagnoses, and not benchmarks against other companies.
Forbidden uses.
Our terms explicitly prohibit using IWRI scores as the sole or primary basis for performance management, hiring, firing, compensation decisions, or any other adverse employment action. IWRI is not a surveillance tool, and we won't support it being used as one.
The full policies, in our own words.
Everything above is documented in the canonical policies below. We don't summarise what we wouldn't say verbatim.
Questions about how it works?
If your security team wants a deeper conversation about Forge isolation, data handling, or scoping, we'd be happy to have it.