Secure Zona Apps — Security & Privacy

Overview

Our Apps are Confluence Cloud templates for Audit and Security automation”}}. This page explains our security controls, privacy practices, and how to report concerns.

CSP & modern headers OWASP ASVS / Top 10 aligned SDLC Encryption in transit & at rest Least-privilege scopes Formal incident response

Data Handling & Storage

Data Collected

Operational metadata (app configuration, page generation status)
No customer credentials are stored by the app
Content written is stored in Atlasian

Where Data Lives

Confluence Cloud; app storage limited to metadata
No transfer to third-party analytics by default

Access & Identity

Auth via Atlassian platform; no password handling by the app
Least-privilege scopes (e.g., read:space:confluence, write:confluence-content)
Role-based access enforced by Confluence space/page permissions

Encryption

Transport: TLS 1.2+ for all client ↔ Atlassian platform calls
At rest: Data stored in Confluence follows Atlassian’s encryption controls
Secrets: Managed by the platform; rotated per best practice

Secure SDLC

Threat modeling for new features; STRIDE/OWASP guidance
Code review + CI checks (lint, type, unit tests)
Dependency scanning & license compliance
Security headers (CSP, Referrer-Policy, Permissions-Policy)
Infrastructure as code (reviewed changes, least privilege)

Vulnerability Management

Regular dependency updates; criticals patched promptly
Issue intake via info@securezona.com and {{security.txt URL}}
Coordinated disclosure policy; CVE process where applicable

Researchers: please include reproduction steps and affected versions.

Incident Response

24×7 on-call rotation; defined triage/severity matrix
For confirmed incidents: containment → eradication → recovery → post-mortem
Customer notification consistent with legal/contractual obligations

Privacy

Data minimization: app stores only what’s necessary for operation
PII processing governed by {{Your Privacy Policy}} and applicable laws
Data subject rights requests handled via {{DSR contact/process}}

Read our full Privacy Policy: /privacy.html

Compliance & Certifications

Built on Atlassian Forge (inherits Atlassian platform controls)
Practices aligned with ISO/IEC 27001 and ISO/IEC 27701 principles
Additional attestations: {{SOC 2 / ISO 27001 / others}} (if applicable)

Retention & Deletion

Operational metadata retained for {{X}} days; auto-purged thereafter
Content resides in customer’s Confluence; customers manage lifecycle
Deletion on request through {{support channel}}

Sub-processors

We strive to minimize sub-processing. Current list and locations: /subprocessors. Customers will be notified of material changes.

Contact & Reporting

Security & Privacy inquiries: info@securezona.com

Responsible disclosure: publish /.well-known/security.txt at /.well-known/security.txt.

We aim to acknowledge security reports within {{72}} hours.