Security Policy

Effective Date: May 1, 2025

At Reqase, we are committed to protecting the confidentiality, integrity, and availability of our application and the data it processes. This Security Policy outlines the technical and organizational measures implemented to safeguard your information against unauthorized access, alteration, disclosure, or destruction.

1. Overview

2. Data Security

Data Processing

Reqase – AI Requirement Test for Jira processes data transiently to analyze and generate test cases directly within Jira Cloud.

No personal data is permanently stored by the app.
The application only records minimal error logs and usage metrics required for troubleshooting and service monitoring.
No operational or requirement data is stored outside of Atlassian Cloud.

Data Encryption

All data transmitted between Reqase, Jira Cloud, and AI service providers is protected using industry-standard TLS encryption. Secure channels ensure the confidentiality and integrity of data in transit.

Data Access

Access to diagnostic logs is strictly limited to authorized personnel and used solely for system maintenance and support. All administrative access is monitored and follows the principle of least privilege.

3. Third-Party Services

AI Processing – Free Mode

In default (free) mode, Reqase uses OpenAI services (ChatGPT 4o-mini) to process requirement content and assist in test generation.

No personal data is shared with OpenAI.
Only non-personal, task-relevant text is processed.
Data is not stored or used by OpenAI for model training.
The integration is governed by OpenAI's standard commercial agreement, ensuring compliance with enterprise security standards.

AI Processing – Company Mode

Organizations may choose to use their own OpenAI or Azure OpenAI subscription for complete control over data governance.

In this mode, all AI processing occurs under the company's own contract and compliance framework with the AI vendor.
The company is responsible for maintaining its subscription, costs, and data processing agreements with the selected provider.

Hosting Environment

Reqase does not operate or rent its own compute infrastructure for AI processing. All data handling occurs within Atlassian Cloud and the configured AI service provider.

4. Application Security

We implement and maintain security best practices throughout our software lifecycle:

Secure Development: Regular code reviews, dependency checks, and security audits.
Vulnerability Management: Continuous monitoring and timely remediation of identified vulnerabilities.
Incident Response: A documented incident response plan ensures prompt investigation, containment, and user notification (within 72 hours, if applicable).

5. User Security

Authentication & Access Control: Reqase relies entirely on Jira Cloud's authentication mechanisms and does not manage user credentials independently.
Role-Based Access: User permissions and role assignments in Jira Cloud are fully respected and enforced by the app, ensuring access only to authorized users.
Session Integrity: All user sessions follow Atlassian's access control and timeout policies.

6. Compliance

Reqase – AI Requirement Test for Jira adheres to global data protection standards, including GDPR and CCPA.

The app does not collect, store, or process personal data beyond what is required for Jira Cloud integration.
We ensure that all third-party services operate under contractual terms consistent with these data protection laws.
Our commitment includes ongoing collaboration with customers to maintain compliance across integrations.

7. Changes to This Policy

We may revise this Security Policy periodically to reflect evolving best practices or regulatory requirements. Any updates will be posted on our official website and Marketplace listing. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact

If you have any questions or security concerns, please contact us at:

Email: contact@reqase.com