SyncUp runs entirely within the Atlassian Forge platform. No external servers, no third-party APIs, no data leaving the Atlassian cloud. Your sprint data stays where it belongs.
Last updated: May 2026
Unlike many Marketplace apps, SyncUp has no external backend, no cloud rendering service, and no third-party API calls. Everything runs within Atlassian's Forge sandbox.
SyncUp only reads your Jira data — it cannot modify, delete, or create any issues, sprints, or boards. The minimum possible permission footprint.
SyncUp never stores your issue descriptions or comments. Only aggregated sprint metrics are persisted. Your data is analyzed in-memory and immediately discarded.
We do not collect, store, or process any personal user data. No analytics, no tracking, no advertising — ever.
How SyncUp accesses, processes, and stores data
SyncUp reads your Jira sprints and issues through official Atlassian APIs within the Forge sandbox. Data is analyzed in-memory using our proprietary analysis engine.
Only aggregated, numerical metrics are stored in Forge SQL. No raw issue content, no user data, no content copies.
Metrics are displayed in the app's project page. All data remains within the Atlassian cloud environment at all times.
| Data Type | Location | Retention | Encrypted |
|---|---|---|---|
| Aggregated sprint metrics | Forge SQL (Atlassian cloud) | Until app is uninstalled | ✅ At rest & in transit |
| Velocity history | Forge SQL (Atlassian cloud) | Until app is uninstalled | ✅ At rest & in transit |
| App configuration | Forge App Storage | Until app uninstalled | ✅ At rest & in transit |
| Raw issue content | — | — | Not stored |
| Personal user data | — | — | Not collected |
Third-party services involved in data processing
| Service | Provider | Purpose | Data Location | Data Stored |
|---|---|---|---|---|
| Atlassian Forge | Atlassian | App runtime, SQL database, storage | Per customer's Atlassian data residency | Aggregated metrics, app config |
SyncUp uses no other sub-processors. There are no external APIs, no cloud rendering services, and no third-party data processing of any kind.
Every permission explained
SyncUp requests only read scopes. No write permissions, no admin permissions, no delete access.
Measures we implement to protect your data
How we handle security incidents and vulnerabilities
Report a security issue: support@bytera.tech — Subject: "Security Incident" or "Vulnerability Report"
Support Portal: Bytera Support
| Phase | Action | Timeline |
|---|---|---|
| Acknowledgment | Confirm receipt and assign severity level | Within 24 hours |
| Triage | Assess scope, impact, and affected systems | Within 48 hours |
| Containment | Isolate affected components; disable features if necessary | Immediate upon confirmation |
| Remediation | Develop and deploy a fix | Based on severity |
| Notification | Notify affected customers with details and remediation steps | Within 72 hours of confirmation |
| Post-Mortem | Document root cause, lessons learned, and preventive measures | Within 2 weeks |
| Severity | Description | Target Resolution |
|---|---|---|
| Critical | Active exploitation, data breach, or complete service compromise | Within 24 hours |
| High | Vulnerability with significant impact potential but no active exploitation | Within 72 hours |
| Medium | Vulnerability with limited impact or requiring specific conditions | Within 1 week |
| Low | Minor issue with minimal security impact | Next scheduled release |
Our severity timelines align with the Atlassian Security Bug Fix Policy for Marketplace Partners.
Regulatory and platform compliance
Bytera follows data minimization and purpose limitation principles. Since SyncUp has no external sub-processors and stores no personal data, the compliance surface is minimal.
SyncUp adheres to all Atlassian Marketplace Partner requirements for security, privacy, and the Security Bug Fix Policy.
By building on Forge, SyncUp inherits Atlassian's SOC 2 Type II certified infrastructure controls and benefits from their security-first platform architecture.
No. SyncUp analyzes sprint and issue data in-memory and only stores aggregated numerical metrics. Your issue descriptions, comments, and attachments are never copied, stored, or persisted.
No. SyncUp runs entirely within the Atlassian Forge platform. There are no external API calls, no external backends, and no data transmission outside of Atlassian's infrastructure.
No. SyncUp has strictly read-only access. It cannot create, modify, or delete any issues, sprints, or project configurations in your Jira instance.
Yes. Since we don't store personal data and have no external sub-processors, the compliance surface is minimal. Users can request data access, correction, or deletion at any time.
All app-related data (sprint snapshots, velocity history, configuration) is automatically removed by the Atlassian Forge platform. No residual data remains.
Please contact us immediately at support@bytera.tech with the subject line "Security Concern". We respond within 24 hours.
We're committed to transparency. If you have any questions about our security practices, data handling, or need additional information for your security review, please don't hesitate to contact us.