Security Policy
Last updated: January 31, 2025
1. Introduction
JetHeads is committed to ensuring the security and integrity of its Forge-based SaaS offerings. This Security Policy outlines the measures, practices, and guidelines implemented to safeguard the security of our applications and promotional website.
2. Information Security Management
2.1 Scope
This policy covers all aspects of security, including Forge applications, promotional website operations, and related systems managed by JetHeads.
2.2 Compliance
JetHeads adheres to industry best practices and ensures compliance with Atlassian security requirements. Our security measures are designed to protect against unauthorized access, vulnerabilities, and cyber threats.
3. Forge Application Security
3.1 Data Handling
JetHeads’ Forge applications run entirely within Atlassian’s cloud infrastructure and do not access, store, or process any customer data. All data remains within Atlassian’s secure environment, and JetHeads has no access to user data.
3.2 Authentication and Authorization
All authentication and authorization mechanisms are managed by Atlassian. JetHeads does not handle user credentials, sign-ups, or logins.
3.3 Security Updates and Patching
JetHeads follows Atlassian’s security guidelines and deploys updates in compliance with Forge security best practices. Any vulnerabilities identified in Forge applications are addressed promptly.
4. Promotional Website Security
4.1 Data Collection
The JetHeads promotional website does not collect personal user data. However, it utilizes analytics, marketing, and remarketing tools to optimize the user experience. Data collection is limited to non-personal usage information.
4.2 Third-Party Services
JetHeads may use third-party service providers for analytics and marketing purposes. These providers operate under their respective privacy policies, and JetHeads ensures compliance with applicable data protection regulations.
5. Access Control
5.1 Internal Access Restrictions
Access to JetHeads’ internal systems is limited to authorized personnel based on the principle of least privilege. Multi-factor authentication (MFA) is enforced where applicable.
5.2 Account Management
JetHeads maintains strict controls over internal user accounts. Access reviews are conducted periodically to ensure that only necessary personnel have permissions.
6. Incident Response and Management
6.1 Incident Reporting
Employees and partners are trained to recognize and report security incidents. JetHeads has an incident response process to promptly investigate and mitigate security threats.
6.2 Communication
In the event of a security incident related to our promotional website, JetHeads will notify affected parties as required by applicable laws and regulations.
7. Security Awareness Training
All JetHeads employees undergo regular security training to stay informed about cybersecurity risks, secure development practices, and compliance requirements.
8. Continuous Improvement
JetHeads regularly reviews and updates its security policies and practices to address evolving threats and align with industry standards.
9. Conclusion
This Security Policy reflects JetHeads’ commitment to maintaining a high standard of security. Employees, contractors, and partners are expected to comply with this policy to ensure the ongoing security and integrity of JetHeads’ applications and website.
