QR Hub for Jira

Trust
Centre

Security · Privacy · Compliance · Last updated: June 2026

Overview

QR Hub for Jira is built entirely on Atlassian Forge — Atlassian's secure, serverless app platform. This page documents everything you need to know about how the app handles data, what it can access, and what security guarantees are in place.

🔒 QR Hub for Jira has no external servers, no external APIs, and no data egress of any kind. All computation happens inside Atlassian's platform.

Runs on Atlassian

QR Hub for Jira runs entirely on Atlassian Forge infrastructure. There are no Agilva-controlled servers, no external APIs, and no egress of any kind. All computation happens inside Atlassian's platform — the same infrastructure that powers Jira itself.

This means the security posture of QR Hub for Jira is directly tied to Atlassian's own enterprise-grade security programme, including SOC 2 Type II and ISO 27001 certifications.

No Data Leaves Atlassian

The only data persisted by QR Hub is the dashboard gadget URL, stored via storage:app within Atlassian Forge. No user data, issue content, or URLs are transmitted to any Agilva-controlled server.

QR code images are generated entirely in the browser using the encoded URL. No image data is sent to any server at any point.

Minimal Permission Scopes

QR Hub for Jira requests only the permissions strictly necessary for its function. We do not request write access to issues, projects, or any Jira configuration.

All permission scopes are listed in the Scopes Table below.

What Data is Stored

QR Hub for Jira stores only one piece of data:

  • The URL entered into the Dashboard Gadget, stored via storage:app in Atlassian Forge Storage. This URL persists until the gadget is removed or the URL is updated by a user.

The following data is explicitly not stored:

  • Issue content, summaries, or field values
  • User identities or Atlassian account IDs
  • QR code images (generated in-browser only)
  • Usage analytics, events, or telemetry of any kind
  • Board or backlog data

When the app is uninstalled, all Forge Storage data is automatically deleted by Atlassian's platform.

Certifications & Compliance

Because QR Hub for Jira runs on Atlassian Forge, it inherits Atlassian's enterprise compliance certifications by virtue of the platform:

  • SOC 2 Type II — Atlassian infrastructure (inherited)
  • ISO 27001 — Atlassian infrastructure (inherited)
  • GDPR — Forge Storage data resides in the same region as your Atlassian site
  • Data Residency — Atlassian Data Residency Programme applies automatically

Atlassian's full compliance documentation is available at atlassian.com/trust.

Permission Scopes

The following OAuth scopes are requested by QR Hub for Jira:

Scope Purpose Access
read:jira-work Read issue key and URL for QR generation Read only
storage:app Store dashboard gadget URL in Forge Storage App-scoped only

No write scopes, no admin scopes, no user identity scopes are requested.

Security Contact

To report a security concern or vulnerability, contact us directly and note "Security Disclosure" in your message. We aim to respond within one business day.

For Agilva's full security policy including our secure development practices and incident response process, see the Security Policy page.