Product Guides & Tutorials

Everything you need to know about buying, using, and customizing Task Hub for Jira Plugin.

Get started today

Security Policy

Effective Date: May 8, 2026

C4F Technology (“C4F Technology”, “we”, “our”, or “us”) is committed to protecting the security, confidentiality, and integrity of customer data processed through our applications and services, including applications distributed through the Atlassian Marketplace.

This Security Policy describes how our applications handle data, what permissions are required, and the safeguards we implement to protect customer information.

Company Information

C4F Technology
29 Street 49, Ward Tan Phong, District 7
Ho Chi Minh City, Ho Chi Minh 70000
Vietnam

Email: privacy@c4ftech.com
Phone: +84 908 052 253

Website: C4F Technology

Data Storage and Processing

End-User Data Storage

Our applications do not store End-User Data outside of Atlassian apps and services.

“End-User Data” refers to any data, content, or information accessed, collected, or processed by our applications in connection with the use of the Atlassian Marketplace.

End-User Data Processing

Our applications do not process End-User Data outside of:

  • Atlassian apps and services, or
  • The end user’s browser

except where processing occurs within Atlassian’s Forge platform and infrastructure.

Logging

Our applications do not log End-User Data.

Additionally:

  • We do not store End-User Data in logs outside of Atlassian apps and services.
  • We do not share logs containing End-User Data with third-party entities.
  • Sharing logs containing End-User Data is not required for application functionality.

Data Egress

Our applications do not expose remote REST APIs for integration with external tools or third-party systems.

No End-User Data is transmitted to or stored in external infrastructure controlled by C4F Technology.

Data Residency

Our applications do not store End-User Data outside of Atlassian infrastructure. Therefore, separate data residency options are not applicable.

All data handling and storage are governed by Atlassian’s Forge platform and infrastructure policies.

Atlassian Forge Platform

Our applications are built using the Atlassian Forge platform, which provides:

  • Hosted execution environments
  • Authentication and authorization controls
  • Secure storage services
  • Platform-level isolation and security protections
  • Managed infrastructure operated by Atlassian

For more information about Atlassian Forge security practices, please refer to:
Atlassian Forge Security Overview

Permissions and Access Scopes

Our applications request only the minimum permissions necessary to provide app functionality.

Permissions Used

manage:jira-configuration

  • Read workflow statuses
  • Read issue link types
  • Configure board columns
  • Support issue-linking functionality

read:jira-user

  • Display assignee names and avatars
  • Search users for assignee filtering
  • Configure board access permissions


write:issue:jira-software

  • Persist drag-and-drop issue ranking
  • Update story points and time estimates inline

read:servicedesk-request

  • Read Jira Service Management request types
  • Support inline issue creation for service desk projects


storage:app

  • Store board configuration data, including:
  • Columns
  • Swimlanes
  • Filters
  • Card colors
  • Access roles
  • View preferences

This data is stored using Atlassian Forge storage services.

read:jira-work 

  • Fetch Jira issues using JQL
  • Read issue fields such as:
  • Status
  • Assignee
  • Priority
  • Labels
  • Sprint data
  • Estimates
  • Power Board, List, and Calendar views

write:jira-work

  • Create and edit issues
  • Transition issues
  • Add comments
  • Log work
  • Link issues
  • Delete issues when authorized


Authentication and Credentials

Our applications do not require end users to provide:

  • Atlassian Personal Access Tokens (PATs)
  • User account passwords
  • Shared secrets
  • External API credentials

Authentication and authorization are managed through Atlassian’s secure OAuth and Forge platform mechanisms.

Third-Party Sharing

C4F Technology does not sell customer data.

We do not share End-User Data with third-party entities except where required by law or explicitly authorized by the customer.

Security Controls

We implement reasonable administrative, technical, and organizational safeguards designed to protect data and application integrity, including:

  • Principle of least privilege
  • Access control restrictions
  • Secure authentication mechanisms
  • Dependency management and patching
  • Secure development practices
  • Monitoring for unauthorized access attempts
  • Platform-managed infrastructure security through Atlassian Forge

Compliance Certifications

At this time, C4F Technology does not maintain formal compliance certifications such as ISO 27001, SOC 2, or similar frameworks.

However, we continuously review and improve our security practices and rely on Atlassian Forge platform security controls where applicable.

Incident Response

In the event of a security incident or suspected unauthorized access, we will:

  • Investigate the issue promptly
  • Mitigate identified risks
  • Coordinate with Atlassian where applicable
  • Notify affected parties when required by law or contractual obligations

Policy Updates

This Security Policy may be updated periodically to reflect operational, legal, or security changes.

The updated version will be published on our website with a revised effective date.

Contact Information

If you have any questions regarding this Security Policy or our security practices, please contact:

C4F Technology
29 Street 49, Ward Tan Phong, District 7
Ho Chi Minh City, Ho Chi Minh 70000
Vietnam

Email: security@c4ftech.com
Phone: +84 908 052 253

© 2026 C4F. Created for free using WordPress and Colibri