Security at IssueCapture

We take security seriously and implement standard security measures to protect your data. Here's what we do to keep your information safe.

Encryption

Your data is protected with industry-standard encryption both in transit and at rest.

  • TLS/HTTPS for all connections
  • AES-256 encryption for sensitive credentials
  • Encrypted database storage
  • Secure token management

Infrastructure

Built on enterprise-grade cloud infrastructure with automatic scaling and high availability.

  • Global CDN for fast delivery
  • PostgreSQL database with automatic backups
  • Serverless architecture with auto-scaling
  • DDoS protection
  • SOC 2 Type II certified hosting providers

Authentication

Secure authentication with OAuth 2.0 for Jira integration and JWT-based session management.

  • OAuth 2.0 for Jira connection
  • JWT-based session management
  • Secure password hashing
  • API key management with revocation
  • Session timeout protection

Data Isolation

Multi-tenant architecture with Row Level Security ensures your data is isolated from other customers.

  • Row Level Security (RLS) in PostgreSQL
  • Logical tenant isolation per account
  • No cross-tenant data access
  • Account-based access controls

Security Headers

Modern security headers protect against common web vulnerabilities.

  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options to prevent clickjacking
  • X-Content-Type-Options (nosniff)
  • Referrer-Policy for privacy
  • Content-Security-Policy (CSP)

Abuse Prevention

An automated fraud detection system identifies and prevents abuse of the platform.

  • Risk scoring for new signups
  • Multi-signal fraud detection
  • Automatic flagging of suspicious accounts
  • Admin review dashboard
  • Audit trail for all billing transactions

Security Practices

Data Protection

  • Jira OAuth tokens encrypted before storage
  • Passwords hashed with secure algorithms
  • Minimal data collection (email/name optional)
  • No storage of credit card details (handled by PCI DSS compliant processor)

Access Control

  • Role-based permissions (Owner, Admin, Member)
  • Team-based account access
  • API keys scoped to specific widgets
  • Domain allowlist for widget usage

Operational

  • Regular dependency updates
  • Code review for all changes
  • Environment variable management for secrets
  • Audit logging for sensitive operations

Data Privacy

  • No IP Address Collection: We don't collect or store IP addresses in widget analytics. No cookies, no fingerprinting, no cross-site tracking.
  • Minimal Data Collection: We only collect data necessary for service operation. End user email and name are optional fields.
  • No Credit Card Storage: Payment processing is handled by a PCI DSS Level 1 certified provider. We never see or store your credit card details.
  • Your Data Stays Yours: Issues are created directly in your Jira instance. We store limited issue data to process submissions and power features like duplicate detection. Embeddings are retained for 90 days by default, and Business plans can customize retention.
  • AI Privacy: AI features process data in real-time. Your data is not used to train AI models.

GDPR Compliance

No consent banner required

Our widget analytics are privacy-first: no IP addresses, no cookies, no personal identifiers. This means no consent banner is required for your end users.

Privacy-First Analytics

Widget analytics collect only anonymous, aggregated data. No IP addresses, no cookies, no cross-site tracking. Similar to Vercel Analytics.

Right to Deletion

Account owners can permanently delete their account and all associated data directly from the Settings page. No email required.

Right to Access

Request your data via privacy@issuecapture.com. We respond within 48 hours with all personal information we hold about you.

Data Minimization

We collect only what's necessary. No data selling, ever. Some issue data is stored to process submissions and AI features, with retention controls available on Business plans (embeddings default to 90 days).

Our Commitment

We're a small team committed to building secure software. While we may not have the resources of large enterprises, we follow security best practices and continuously work to improve our security posture.

What we don't have (yet):

  • Independent third-party security audits
  • SOC 2 certification for IssueCapture itself (our providers are certified)
  • 24/7 dedicated security team
  • Formal bug bounty program

Found a Security Issue?

If you discover a security vulnerability, please let us know. We appreciate responsible disclosure and will work quickly to address any issues.

How to Report:

  • Email: security@issuecapture.com
  • Include steps to reproduce and potential impact
  • We'll acknowledge receipt and keep you updated
