Security & Data Privacy
Beautiful Assets is designed with data privacy as a core principle. This page explains where your data lives, how it flows, and what controls you have.
All Data Stays Within Atlassian
Beautiful Assets does not send any data to external servers. Every piece of data the app processes stays within the Atlassian platform:
- Asset data is read from Jira Assets using Atlassian’s internal API (requestJira). These API calls never leave Atlassian’s infrastructure.
- App settings (preview limits, dropdown limits) are stored in Forge KVS (Key-Value Storage), which is part of Atlassian’s cloud infrastructure.
- Macro configurations (filter rules, selected attributes, column definitions) are stored in Confluence’s native macro config storage, tied to the page.
- No external APIs are called. The app does not communicate with any third-party servers, analytics services, or telemetry endpoints.
What the App Can Access
Beautiful Assets requests the following Atlassian permissions:
| Permission | What it does |
|---|---|
| Read object schemas | Lists available schemas in Jira Assets |
| Read object types | Lists object types within a schema |
| Read object attributes | Reads attribute definitions for object types |
| Read objects (AQL) | Queries objects using AQL to display on the page |
| Read Confluence pages | Reads page context for macro rendering |
| Write Confluence pages | Saves macro configuration when you click Save |
| App storage | Stores admin settings (preview limits, dropdown items, logging state) |
The app accesses Jira Assets data as the current user. This means:
- Users only see data they already have permission to view in Jira Assets
- The app cannot bypass Jira Assets permission schemes
- If a user lacks read access to a schema, macros will show an error instead of the data
Debug Logging
When debug logging is enabled by an admin, log output is written to the Forge runtime logs. These logs:
- Are stored within Atlassian’s platform
- Are accessible to workspace admins through Forge’s standard log viewer
- Auto-disable after 1 hour
- May contain asset attribute names, object keys, and AQL queries in diagnostic messages
If you are asked to share debug logs with the app developer for troubleshooting, be aware that logs may contain the names and keys of assets that were queried during the logging period. Review logs before sharing and redact any sensitive information.
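One way to do the redaction described above before a log excerpt leaves your organisation. This is an added example, not Beautiful Assets code. It assumes object keys look like SCHEMAKEY-123 and that attribute names and values in AQL appear as double-quoted literals; the function name `redactLog` and the sample log lines are constructed for illustration.

```javascript
// Added example, not Beautiful Assets code. Assumptions: object keys look like
// SCHEMAKEY-123, and names/values inside AQL appear as double-quoted literals.
const OBJECT_KEY = /\b[A-Z][A-Z0-9]{1,9}-\d+\b/g;
const QUOTED = /"(?:[^"\\]|\\.)*"/g;

// Returns the redacted text plus a key -> alias mapping to keep locally, so a
// reply that mentions <object-2> can be translated back without the real key
// ever having been shared.
function redactLog(text) {
  const aliases = new Map();
  const aliasFor = (key) => {
    if (!aliases.has(key)) aliases.set(key, `<object-${aliases.size + 1}>`);
    return aliases.get(key);
  };
  const redacted = text
    .split('\n') // per line, so an unbalanced quote cannot swallow later lines
    .map((line) =>
      line
        // Quoted literals first: attribute names and values in AQL filters.
        .replace(QUOTED, '"<redacted>"')
        // Then object keys. The same key always gets the same alias, so one
        // object can still be followed across log lines.
        .replace(OBJECT_KEY, aliasFor))
    .join('\n');
  return { text: redacted, mapping: Object.fromEntries(aliases) };
}

// Constructed sample lines; the real Forge log layout may differ.
const SAMPLE = [
  'DEBUG resolver=getObjects AQL: objectType = "Laptop" AND "Owner" = "j.doe"',
  'DEBUG fetched object ITSM-4821 (3 attributes)',
  'WARN  object ITSM-4821 references HR-17 which is not readable',
].join('\n');

console.log(redactLog(SAMPLE).text);
```

The key pattern also matches tokens such as `SHA-256`, so it errs toward over-redaction; unquoted attribute names in AQL are not covered and still need a manual read-through.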
No Data Collection
Beautiful Assets:
- Does not collect usage analytics or telemetry
- Does not track which pages use the app or how often they are viewed
- Does not store any data outside of your Atlassian instance
- Does not have any “phone home” functionality
Image Domain Restrictions
The Image macro restricts which domains can serve images. This prevents the macro from loading content from arbitrary external servers. Only images from Atlassian CDN domains, Gravatar, Unsplash, and your own instance domain are permitted.
Recommendations for Admins
- Review Jira Assets permissions regularly to ensure only the right people can see sensitive asset data through Beautiful Assets pages
- Keep debug logging disabled unless actively troubleshooting. It is off by default and auto-disables for this reason
- Review logs before sharing with external parties, as they may contain asset names and query details