top of page
Balanced Objects

Security Statement

Last updated: December 24, 2025

This Security Policy describes the security practices used by Lee Phillips, doing business as Kiss Tools (“we”, “us”, or “our”) for the KISS Sprint Planner application published on the Atlassian Marketplace.

1. Application Architecture

KISS Sprint Planner is built using Atlassian Forge and runs entirely on Atlassian-managed infrastructure.

  • The app does not operate its own servers

  • The app does not host external databases

  • The app does not transmit Jira data to external systems

  • All app execution occurs within Atlassian’s security boundary

2. Data Access Controls

  • Jira data is accessed only after explicit user action

  • Access is limited to the minimum data required for functionality

  • No background, scheduled, or automated data collection occurs

  • All access is governed by Atlassian’s permission model

3. Data Storage and Retention

  • No Jira data is persisted or stored outside Atlassian systems

  • No customer data is copied, exported, or replicated

  • Temporary in-memory processing may occur during app execution

  • Contact or support request data is stored separately and used only for support purposes

4. Authentication and Authorization

  • Authentication is handled entirely by Atlassian

  • The app relies on Jira user identity and permissions

  • No additional authentication credentials are collected or stored

  • Access to app functionality respects Jira role-based permissions

5. Network Security

  • The app does not expose public endpoints

  • The app does not accept inbound connections from external sources

  • All network communication occurs within Atlassian Forge infrastructure

6. Third-Party Services

  • No third-party services or APIs are used by the app

  • Google Analytics is used only on the public website, not within the app

  • No third-party tracking or advertising services are used in the app

7. Secure Development Practices

We follow reasonable secure development practices, including:

  • Least-privilege access to Jira data

  • Avoidance of unnecessary data collection

  • No hardcoded secrets or credentials

  • Use of Atlassian-provided security controls and APIs

8. Vulnerability Management

  • We monitor security advisories related to Atlassian Forge

  • Security issues reported to us are reviewed and addressed promptly

  • If a confirmed security vulnerability affects customers, we will take appropriate remediation steps

Security contact:
📧 support@kisstools.net

9. Incident Response

In the event of a security incident:

  • We will assess the scope and impact promptly

  • We will take reasonable steps to contain and remediate the issue

  • We will cooperate with Atlassian as required

  • Affected customers will be notified when appropriate

10. Customer Responsibilities

Customers are responsible for:

  • Managing Jira user access and permissions

  • Ensuring appropriate internal security controls

  • Using the app in accordance with Atlassian’s acceptable use policies

11. Policy Updates

This Security Policy may be updated periodically to reflect changes in practices or requirements. Updates will be reflected by the “Last updated” date above.

12. Contact

For security-related questions or concerns, contact:

Lee Phillips, dba Kiss Tools
📧 support@kisstools.net

bottom of page