Security Policy

At Yamuno, the trust and security of our customers are top priorities. We design our apps for Atlassian Marketplace and monday.com Apps Marketplace with a strong commitment to data privacy, secure architecture, and responsible development practices.

This security policy applies to all our applications across both platforms, including:

Atlassian Marketplace Apps:

  • Markdown Importer for Confluence
  • Markdown Renderer for Confluence
  • Advanced Attachment Manager for Confluence
  • Charts - Reports and Graphs for Jira Dashboard

monday.com Apps:

  • Markdown Exporter for monday.com

🔐 Data Handling and Storage

Atlassian Marketplace Apps

  • We do not store or process any End-User Data outside of Atlassian's infrastructure.
  • All content rendered or processed by our Atlassian apps remains within the Atlassian ecosystem.
  • Our apps are built on the Atlassian Forge platform, ensuring data stays within Atlassian's secure infrastructure.

monday.com Apps

  • We do not store or process any End-User Data outside of monday.com's infrastructure.
  • All content processed by our monday.com apps remains within the monday.com ecosystem.
  • Data processing follows monday.com's security standards and protocols.

General Data Protection

  • No external servers are used to store, transmit, or cache user-generated content.
  • We do not log or collect any personally identifiable information (PII) or document content.
  • All data remains within the respective platform's secure environment.

⚙️ Application Security

  • Our apps operate entirely within their respective platform environments:
    • Atlassian apps run within Confluence, Jira, and other Atlassian products
    • monday.com apps run within the monday.com platform
  • We follow the principle of least privilege — our apps request only the permissions necessary to function.
  • We do not integrate with or transmit data to third-party services.
  • Authentication and authorization are managed by the respective platforms (Atlassian or monday.com).

🔄 Data Residency and Compliance

Platform Compliance

  • Atlassian Apps: All processing occurs within Atlassian's cloud infrastructure, complying with Atlassian's data handling policies. Data residency follows your Atlassian Cloud instance settings.
  • monday.com Apps: All processing occurs within monday.com's infrastructure, complying with monday.com's data handling policies.

Regulatory Compliance

  • We do not currently support additional data residency options beyond those provided by the respective platforms.
  • Our organization is not a data controller or processor under GDPR, nor a business/service provider under CCPA in relation to these apps.
  • Data protection is managed by Atlassian and monday.com in accordance with their respective compliance certifications.

🛠 Vulnerability Management

  • We monitor and address potential vulnerabilities on a continuous basis.
  • If a security issue is reported, we aim to investigate and resolve it as quickly as possible.

📢 Reporting Security Issues

If you believe you've found a security vulnerability in one of our apps, we encourage responsible disclosure. Please contact us at:

📧 [email protected] or visit our Support Portal

Include a detailed description of the issue, steps to reproduce it (if applicable), and any supporting materials. We aim to respond within 72 hours.

📄 Compliance and Certifications

  • Atlassian Apps are built in compliance with the Atlassian Marketplace Partner Agreement.
  • monday.com Apps are built in compliance with monday.com's app development guidelines and marketplace terms.
  • We follow industry best practices in secure development and deployment across all platforms.
  • Security standards are maintained in accordance with both Atlassian and monday.com platform requirements.

Last updated: May 1, 2025