La Forge
Legal · Security

Security Policy

Last updated: 30 May 2026

Introduction

La Forge WORK is committed to ensuring the security and privacy of our users' data. This security policy outlines the measures we take to protect your information and the procedures we have in place to respond to security incidents.

Data protection and privacy

  • Data encryption — all data transmitted between our Forge apps and Atlassian services is encrypted using TLS (Transport Layer Security) to ensure data integrity and confidentiality.
  • Data storage — we use secure, state-of-the-art data storage solutions to protect user data. Access is restricted to authorized personnel only.
  • Data minimization — we only collect and store data necessary for the operation of our apps. We do not store sensitive personal data unless it is essential for app functionality.
  • Data retention — user data is retained only as long as necessary to fulfill the purposes for which it was collected. Upon request, data can be deleted in accordance with applicable laws and regulations.

Access control

  • Authentication — access to our apps requires secure authentication mechanisms. We employ industry-standard authentication protocols, including OAuth and API tokens.
  • Authorization — we implement role-based access control (RBAC) to ensure users have access only to the data and functionalities required for their role.
  • Regular audits — we conduct regular security audits and reviews to ensure compliance with our access-control policies.

Vulnerability management

  • Security testing — our apps undergo regular security testing, including static code analysis, dynamic analysis and penetration testing, to identify and mitigate vulnerabilities.
  • Patch management — we promptly apply security patches and updates to our infrastructure and applications to address identified vulnerabilities.

Incident response

  • Incident detection — we have monitoring systems in place to detect unusual activity and potential security incidents. Alerts are configured to notify our security team of any suspicious behavior.
  • Incident reporting — users can report security incidents or vulnerabilities to our dedicated security email: security@laforge.work. We encourage responsible disclosure and commit to responding promptly to any reported issues.
  • Incident response plan — we maintain a detailed incident response plan covering containment, investigation, remediation and communication with affected users.

Compliance

  • Legal and regulatory compliance — we comply with all applicable data-protection laws and regulations, including GDPR and CCPA.
  • Third-party services — any third-party services used by our apps are carefully vetted to ensure they meet our security standards and comply with relevant regulations.

User responsibilities

  • User security practices — users are responsible for maintaining the security of their account credentials and for promptly reporting any suspected security incidents.
  • Regular updates — users should ensure they are using the latest version of our apps to benefit from the latest security enhancements and fixes.

Contact

For any security-related inquiries or to report a security incident, please email security@laforge.work.