BG Color

Security Policy

Security is a core principle at Valtoric. Our products are designed to operate within the Atlassian ecosystem, leveraging Atlassian Forge infrastructure to ensure a secure, reliable, and compliant foundation. We prioritize minimizing risk, reducing data exposure, and maintaining transparency in how we handle security. Valtoric adheres to Atlassian Marketplace security requirements and best practices.

BG Color

Security Policy

Security is a core principle at Valtoric. Our products are designed to operate within the Atlassian ecosystem, leveraging Atlassian Forge infrastructure to ensure a secure, reliable, and compliant foundation. We prioritize minimizing risk, reducing data exposure, and maintaining transparency in how we handle security. Valtoric adheres to Atlassian Marketplace security requirements and best practices.

BG Color

Security Policy

Security is a core principle at Valtoric. Our products are designed to operate within the Atlassian ecosystem, leveraging Atlassian Forge infrastructure to ensure a secure, reliable, and compliant foundation. We prioritize minimizing risk, reducing data exposure, and maintaining transparency in how we handle security. Valtoric adheres to Atlassian Marketplace security requirements and best practices.

Scope


This policy applies to all Valtoric applications distributed via the Atlassian Marketplace.


Built on Atlassian Forge


Valtoric applications are built on Atlassian Forge, which provides:

  • Data residency and storage managed by Atlassian

  • Encryption at rest and in transit

  • Secure authentication and authorization via Atlassian accounts

  • Isolation from external infrastructure

As a result, Valtoric does not store or process customer data outside of Atlassian-managed environments.


Data Handling Principles


We follow strict data minimization practices:

  • Only the data required to deliver functionality is accessed

  • No unnecessary storage of customer data

  • No sale or sharing of customer data with third parties

  • Sensitive data (e.g., credentials, tokens) is never logged


Security Practices


Valtoric follows modern security best practices, including:

  • Encryption of data at rest and in transit

  • Multi-Factor Authentication (MFA) for all critical systems

  • Controlled deployments using pull request workflows

  • Secure management of secrets and API keys

  • Regular dependency vulnerability checks

  • Application-level logging and monitoring for anomaly detection


Vulnerability Reporting


Contact

Please report any security issues to:

security@valtoric.io


What to include

  • Description of the issue

  • Steps to reproduce

  • Potential impact

  • Supporting materials (screenshots, logs, etc.)


Guidelines

  • Do not publicly disclose the issue before it has been resolved

  • Do not access or modify data that does not belong to you

  • Perform testing only on systems you are authorized to use


We prioritize vulnerabilities based on severity (critical, high, medium, low), with critical issues addressed as highest priority.


Response Commitment


Valtoric follows a structured response process:

  1. Acknowledgement
    Reports are acknowledged within 48 hours

  2. Assessment
    We evaluate severity, impact, and scope, and provide an initial assessment within 3–5 business days

  3. Remediation
    Fixes are developed, tested, and deployed, with prioritization based on severity

  4. Disclosure
    We coordinate responsible disclosure after resolution


Incident Response


In the event of a security incident, Valtoric follows a defined response process:

  1. Identification
    Detection through logs, monitoring, or reports

  2. Containment
    Revoke access, isolate affected components

  3. Investigation
    Analyze logs and determine root cause and impact

  4. Remediation
    Apply fixes and validate system integrity

  5. Communication
    Notify Atlassian and affected customers where required

  6. Post-Incident Review
    Document findings and improve safeguards


Logging & Monitoring


We maintain logs for key system activities, including:

  • Application events

  • API access

  • Administrative actions

  • Data export operations

These logs are used to detect anomalies and support incident investigations.


Supported Versions


We support the latest production versions of our applications available on the Atlassian Marketplace.


Changes to This Policy


We may update this Privacy Policy from time to time. Updates will be reflected by revising the “Last updated” date below.


Contact


For any security-related inquiries:

security@valtoric.io



Last updated: March 2026