  • Data storage and location: Explain where your application stores customer data, including the physical location of that data. It is your responsibility to comply with all local laws.
  • Backups: Explain your backup and recovery policy for customer data. You should publish your recovery time objective (RTO) and recovery point objective (RPO) targets, and explain if and when data is moved offsite. For cloud products, backups are made daily and stored offsite on a weekly basis.
  • Account removal and data retention: Explain how a customer can close an account and completely remove their data from your service. For Atlassian cloud applications, customer data is retained for 15 days after account removal and then unrecoverably deleted.
  • Data portability: Explain if and how a customer can extract their data from your service. For example, is it possible to move from your hosted service to a downloaded version of your software?
  • Application and infrastructure security: Explain what security measures you've taken in your application and infrastructure, for example on-disk data encryption or encrypted data transfer between servers.
  • Security disclosure: Explain how and under what circumstances you would notify customers about security breaches or vulnerabilities. You should also indicate how a user or security researcher should disclose a vulnerability found in your add-on to you. (Example from Atlassian: How to report a security issue)
  • Privacy: Explain that data collected during the use of your add-on will not be shared with third parties except as required by law.