Security Policy
Effective Date: June 2026
AI Governance Hub is committed to protecting customer data and maintaining secure software development, deployment, and incident response practices for its Jira app experience.
1. Security Contact
Report security concerns to security@aigovernancehub.ai. Critical issues are prioritized for same-business-day triage where possible.
2. Website Assessment Security
For guided assessments on this website:
- All uploads are validated server-side; work item counts and pricing are never accepted from the browser
- Payment is verified via Razorpay HMAC before report generation
- Signed download and recovery tokens with expiry
- Rate limiting, correlation IDs, and structured audit logging on API routes
- No payment card, UPI, or banking data stored by AI Governance Hub
3. Responsible Disclosure
If you believe you have discovered a vulnerability in AI Governance Hub, please report it with sufficient detail to reproduce and assess the issue. We request that researchers avoid accessing, modifying, deleting, or sharing customer data and avoid actions that could disrupt customer environments.
4. Forge-Hosted Architecture
AI Governance Hub is built on Atlassian Forge for Jira Cloud. App functionality primarily uses Atlassian-hosted services, Forge storage, Jira APIs, and customer Jira project data required to provide AI governance, review workflow, risk assessment, evidence tracking, audit readiness, and reporting capabilities.
5. Data Handling
The app is designed to store and process End-User Data within Atlassian apps and services. The app does not require customers to provide Atlassian passwords, Personal Access Tokens, or shared secrets for normal operation.
6. Access Control
AI Governance Hub applies role-based access controls for governance actions and validates permissions for user-triggered actions before performing privileged operations where required by Atlassian Marketplace security requirements.
7. Logging and Audit Activity
The app maintains application-level audit activity for governance workflow events, approval actions, evidence updates, risk ticket activity, administrative actions, and configuration changes. Sensitive information such as passwords, API tokens, and credentials should not be logged.
8. Vulnerability Management
Security issues are reviewed based on severity and impact. Critical and high-severity issues are prioritized for remediation and communication in accordance with Atlassian Marketplace vulnerability and incident notification expectations.
9. Incident Response
When a confirmed security incident or critical vulnerability affects the app, we will investigate, remediate, and notify Atlassian and affected customers as appropriate.
10. Security Updates
Security fixes may be released as app updates through Atlassian Marketplace and Forge deployment processes. Customers should keep the app updated to the latest approved version.
11. Contact
For security questions, vulnerability reports, or responsible disclosure, contact security@aigovernancehub.ai.
Responsible disclosure: We welcome good-faith security reports. Do not include live customer data in vulnerability submissions.