Security · Privacy · Compliance · Last updated: June 2026
QR Hub for Jira is built entirely on Atlassian Forge — Atlassian's secure, serverless app platform. This page documents everything you need to know about how the app handles data, what it can access, and what security guarantees are in place.
🔒 QR Hub for Jira has no external servers, no external APIs, and no data egress of any kind. All computation happens inside Atlassian's platform.
QR Hub for Jira runs entirely on Atlassian Forge infrastructure. There are no Agilva-controlled servers, no external APIs, and no egress of any kind. All computation happens inside Atlassian's platform — the same infrastructure that powers Jira itself.
This means the security posture of QR Hub for Jira is directly tied to Atlassian's own enterprise-grade security programme, including SOC 2 Type II and ISO 27001 certifications.
The only data persisted by QR Hub is the dashboard gadget URL, stored via storage:app within Atlassian Forge. No user data, issue content, or URLs are transmitted to any Agilva-controlled server.
QR code images are generated entirely in the browser using the encoded URL. No image data is sent to any server at any point.
QR Hub for Jira requests only the permissions strictly necessary for its function. We do not request write access to issues, projects, or any Jira configuration.
All permission scopes are listed in the Scopes Table below.
QR Hub for Jira stores only one piece of data:
storage:app in Atlassian Forge Storage. This URL persists until the gadget is removed or the URL is updated by a user.The following data is explicitly not stored:
When the app is uninstalled, all Forge Storage data is automatically deleted by Atlassian's platform.
Because QR Hub for Jira runs on Atlassian Forge, it inherits Atlassian's enterprise compliance certifications by virtue of the platform:
Atlassian's full compliance documentation is available at atlassian.com/trust.
The following OAuth scopes are requested by QR Hub for Jira:
| Scope | Purpose | Access |
|---|---|---|
read:jira-work |
Read issue key and URL for QR generation | Read only |
storage:app |
Store dashboard gadget URL in Forge Storage | App-scoped only |
No write scopes, no admin scopes, no user identity scopes are requested.
To report a security concern or vulnerability, contact us directly and note "Security Disclosure" in your message. We aim to respond within one business day.
For Agilva's full security policy including our secure development practices and incident response process, see the Security Policy page.