Consistent ticket quality at every workflow stage

Request a Demo

Enhance Your Jira Security with AI

Security Statement

At KDDLC AI Solutions (trading as EmbankAI), security and data protection are fundamental to our operations. This Security Statement describes the measures we implement to protect Embank Clarity and your data.
Learn More

Why Security Matters

In today’s digital landscape, safeguarding your Jira instance and AI provider accounts is crucial. EmbankAI is dedicated to providing top-notch security solutions that protect your data and enhance your workflow efficiency. Our mission is to empower teams by ensuring their tools are as secure as they are innovative.

Understanding Shared Responsibility

At EmbankAI, we believe in a collaborative approach to security. Our shared responsibility model ensures that while we manage app security, encryption, and compliance, you focus on user access management and data classification. Together, we create a secure environment that fosters innovation and trust.

User Access Management

Effectively managing user access in Jira is crucial for maintaining security and operational efficiency. Start by defining clear roles and permissions to ensure users have access only to the resources they need. Regularly review and update these permissions to adapt to changes in team structure or project requirements.

Implementing multi-factor authentication (MFA) adds an additional layer of security, protecting your Jira instance from unauthorized access. Encourage users to use strong, unique passwords and provide training on recognizing phishing attempts. By prioritizing these practices, you can safeguard your Jira environment and enhance productivity.

Data Classification

Our Commitment

Industry-standard security practices
Encryption at rest and in transit
Regular security assessments
Transparent incident reporting
Compliance with data protection regulations

Compliance Assurance

Security Statement

Last Updated: January 22, 2026
Version: 1.0

Overview

At KDDLC AI Solutions (trading as EmbankAI), security and data protection are fundamental to our operations. This Security Statement describes the measures we implement to protect Embank Clarity and your data.

Our Commitment:

  • Industry-standard security practices
  • Encryption at rest and in transit
  • Regular security assessments
  • Transparent incident reporting
  • Compliance with data protection regulations
1. Architecture & Data Flow

1.1 Infrastructure

Hosting Environment:

  • Forge App: Hosted on Atlassian’s Forge platform
  • Licensing API: AWS Lambda in EU-Ireland region (eu-west-1)
  • Database: AWS DynamoDB with encryption at rest
  • App Storage: Atlassian Forge storage (encrypted storage capabilities for sensitive values)

Technology Stack:

  • Runtime: Node.js 20.x
  • Framework: Atlassian Forge SDK
  • Backend: AWS Lambda (serverless)
  • Database: AWS DynamoDB (NoSQL)
  • Payments: Stripe (if applicable to your billing flow)

1.2 Data Flow (High Level)

Jira Cloud (Customer Environment)
        ↓
Embank Clarity (Forge App)
        ↓
Customer-selected AI Provider (optional)
        ↓
Jira Cloud (comment posted)

Key Points:

  • Ticket content is processed transiently to generate a review and is not persisted by EmbankAI systems.
  • Ticket content may be sent to your chosen AI Provider (OpenAI / Anthropic / AWS Bedrock) when the feature is enabled by your admin.
  • Our licensing service validates subscriptions and enforces usage limits.
  • All communications use HTTPS/TLS 1.2+.

1.3 Data Egress

  • License checks: Forge App → Licensing API (AWS eu-west-1)
  • AI reviews (optional): Forge App → Customer-selected AI provider
  • Payments (if applicable): Stripe handles payment processing; EmbankAI does not store payment card data
2. Data Protection

2.1 Data Classification

Critical Data (Highest Protection):

  • Customer AI Provider API keys
  • Encryption: AES-256-GCM
  • Storage: Encrypted storage in the Forge environment
  • Access: Encrypted per installation
  • Retention: Deleted within 30 days of subscription cancellation

Sensitive Data (High Protection):

  • Subscription metadata (tenant ID, billing status)
  • Configuration data (project settings, review rules)
  • Usage metrics (counts, timestamps)
  • Encryption: TLS in transit; encrypted at rest
  • Access: Role-based access control (RBAC)

Data We Do NOT Persist:

  • Jira ticket content (descriptions, comments)
  • Attachments or files
  • AI-generated review output outside Jira (feedback remains in Jira as comments)

2.2 Encryption

  • At rest: AES-256-GCM for API keys; AWS-managed encryption for DynamoDB (AES-256)
  • In transit: TLS 1.2+ (HTTPS only)
  • Logging: Secrets and tokens are not written to logs

2.3 Data Isolation

  • Each Jira site (tenant) is logically isolated
  • Tenant ID partitions data and access
  • No cross-tenant access is permitted
3. Access Control

3.1 Authentication

  • Forge App: Atlassian authentication and OAuth 2.0 for Jira API access
  • Licensing API: Bearer token / shared secret between Forge and the API
  • Webhooks: Stripe webhook signature verification (if applicable)

3.2 Authorization

  • Jira Users: Must have Jira permissions to use the app
  • Admins: Settings configurable by Jira admins only
  • Least Privilege: Access granted on a minimum-necessary basis

3.3 App Scopes

  • We request only the Jira/Forge scopes required to provide ticket review and configuration functionality.
  • Scopes are reviewed periodically to maintain least privilege.
4. Application Security
  • Code reviews and branch protection
  • Automated tests and static analysis
  • Dependency scanning and vulnerability alerts
  • Secrets managed via environment variables / secure storage (no hardcoded secrets)
5. Infrastructure Security(555) 123-4567

[/et_pb_blurb]

Email

security@embank.ai

Address

5678 Embank Lane, Suite 200, New York, NY 10001