Security at IssueCapture

We take security seriously and implement standard security measures to protect your data. Here's what we do to keep your information safe.

A+
SSL Rating
Qualys SSL Labs
A
Security Headers
SecurityHeaders.io

Encryption

Your data is protected with industry-standard encryption both in transit and at rest.

  • TLS/HTTPS for all connections
  • AES-256 encryption for sensitive credentials
  • Encrypted database storage
  • Secure token management

Infrastructure

Built on enterprise-grade cloud infrastructure with automatic scaling and high availability.

  • Global CDN for fast delivery
  • PostgreSQL database with automatic backups
  • Serverless architecture with auto-scaling
  • DDoS protection
  • SOC 2 Type II certified hosting providers

Authentication

Secure authentication with OAuth 2.0 for Jira integration and JWT-based session management.

  • OAuth 2.0 for Jira connection
  • JWT-based session management
  • Secure password hashing
  • API key management with revocation
  • Session timeout protection

Data Isolation

Multi-tenant architecture with Row Level Security ensures your data is isolated from other customers.

  • Row Level Security (RLS) in PostgreSQL
  • Logical tenant isolation per account
  • No cross-tenant data access
  • Account-based access controls

Security Headers

Modern security headers protect against common web vulnerabilities.

  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options to prevent clickjacking
  • X-Content-Type-Options (nosniff)
  • Referrer-Policy for privacy
  • CORS protection with domain whitelisting

Abuse Prevention

Automated fraud detection system to identify and prevent abuse of the platform.

  • Risk scoring for new signups
  • Multi-signal fraud detection
  • Automatic flagging of suspicious accounts
  • Admin review dashboard
  • Audit trail for all credit transactions

Security Practices

Data Protection

  • Jira OAuth tokens encrypted before storage
  • Passwords hashed with secure algorithms
  • Minimal data collection (email/name optional)
  • No storage of credit card details (handled by PCI DSS compliant processor)

Access Control

  • Role-based permissions (Owner, Admin, Member)
  • Team-based account access
  • API keys scoped to specific widgets
  • Domain whitelisting for widget usage

Operational

  • Regular dependency updates
  • Code review for all changes
  • Environment variable management for secrets
  • Audit logging for sensitive operations

Data Privacy

  • Minimal Data Collection: We only collect data necessary for service operation. End user email and name are optional fields.
  • No Credit Card Storage: Payment processing is handled by a PCI DSS Level 1 certified provider. We never see or store your credit card details.
  • Your Data Stays Yours: Issues are created directly in your Jira instance. We don't store issue content long-term.
  • AI Privacy: AI features process data in real-time. Your data is not used to train AI models.

GDPR Compliance

We're committed to GDPR compliance and have implemented the key requirements to protect EU residents' data rights.

Explicit Consent

We collect consent via checkbox during signup. Complete audit trail with timestamp, method, IP address, and user agent stored securely.

Right to Deletion

Account owners can permanently delete their account and all associated data directly from the Settings page. No email required.

Right to Access

Request your data via privacy@issuecapture.com. We respond within 48 hours with all personal information we hold about you.

Data Minimization

We collect only what's necessary. No data selling, ever. Issue content goes directly to your Jira, not stored on our servers.

Our Commitment

We're a small team committed to building secure software. While we may not have the resources of large enterprises, we follow security best practices and continuously work to improve our security posture.

What we don't have (yet):

  • Independent third-party security audits
  • SOC 2 certification for IssueCapture itself (our providers are certified)
  • 24/7 dedicated security team
  • Formal bug bounty program

Found a Security Issue?

If you discover a security vulnerability, please let us know. We appreciate responsible disclosure and will work quickly to address any issues.

How to Report:

  • Email: security@issuecapture.com
  • Include steps to reproduce and potential impact
  • We'll acknowledge receipt and keep you updated
Report a Vulnerability

Have questions about our security practices?

Contact Us