Cloud Scheduler
HomePulseResourceScheduleCalendarGanttTimesheetPricingDocsSecurityContact
ContactReviewer guide

Security

Last updated: July 1, 2026

Cloud Scheduler is designed as a Forge-native Jira Cloud app. This page is intentionally detailed for customers, procurement teams and Atlassian Marketplace review.

Executive summary

  • Built for Jira Cloud and presented as an Atlassian Forge app.
  • Normal operation does not require a vendor-hosted external backend.
  • Application data is intended to be stored in Forge Storage.
  • Authentication is handled by Atlassian; authorization follows Jira permissions and Forge scopes.
  • The app does not intentionally collect Atlassian passwords, login sessions, card data or authentication secrets.

Architecture

  • Atlassian Forge runtime for app execution.
  • Jira Cloud APIs for reading/writing Jira work information needed by planning features.
  • Forge Storage for configuration, planning data and app settings.
  • Public marketing/support website hosted separately on Cloudflare Pages.
  • Optional contact form email sending via Cloudflare Pages Function and transactional email service.

Authentication and authorization

  • Cloud Scheduler relies on Atlassian authentication context.
  • Access to Jira data is governed by Jira permissions and scopes granted at installation.
  • The app does not access Atlassian login credentials or sessions.
  • The app does not modify Atlassian identity properties or user passwords.

Scopes

  • read:jira-work — read Jira work data required for planning.
  • write:jira-work — create/update Jira work-related data where enabled.
  • read:jira-user — read Jira user information for resource planning.
  • storage:app — store app configuration and planning data in Forge Storage.

Security controls

  • Least-privilege scope review before release.
  • No API keys or secrets in client-side code.
  • Input validation and output encoding for user-provided values.
  • No intentional collection of passwords, payment card data or authentication secrets.
  • Security reports accepted at support@cloudschedulerapp.com.

Vulnerability management

  1. Receive report through support/security email.
  2. Acknowledge within the support target.
  3. Classify severity and customer impact.
  4. Fix, test and deploy remediation.
  5. Update documentation or customers if required.
Cloud Scheduler
DocsSupport & SLAPrivacySecurityData handlingTrust centerIncident responseTermsEULAFAQMarketplace checklistsupport@cloudschedulerapp.com
Zoomed screenshot