/
Security Statement and Self-Assessment – FreshPage

Security Statement and Self-Assessment – FreshPage

FreshPage is built exclusively on Atlassian Forge, a secure, cloud-native platform that provides strong isolation, encrypted storage, and protected execution environments. We take the security of your data seriously and have designed our app to operate with the minimum required access and strong safeguards.

FreshPage respects Confluence’s permission model and does not expose any data beyond what the logged-in user is authorized to view. The app stores only minimal metadata (verification timestamps and configuration settings) required for tracking content freshness and does not perform automated content modification or background changes to page text.

1. General Information

Item

Details

Item

Details

App Name

FreshPage: Visual Page Freshness Tracking for Confluence

App Type

Confluence Cloud App (Atlassian Forge)

Hosting Model

Atlassian Forge (Atlassian-hosted)

Deployment

Confluence Cloud only

Target Users

All Confluence Users, Space Administrators

Data Sensitivity

Low (metadata and timestamps only)

2. Authentication & Authorization

Area

Implementation

Area

Implementation

User Authentication

Handled by Atlassian (Confluence Cloud login)

Authorization Model

Hybrid: User-as-user for actions, App-as-App for maintenance

Permission Enforcement

Fully enforced by Confluence

Elevated Privileges

Not used

App Roles

Space Admin role required for configuration only

3. Permission Scopes Requested

Scope

Purpose

Risk Level

Scope

Purpose

Risk Level

read:page:confluence

Read page metadata (ID, version) to display status

Low

write:confluence-props

Store "Verified" status and timestamp on pages

Low

read:confluence-props

Read existing status to calculate freshness

Low

read:space:confluence

Check space-level configuration settings

Low

storage:app

Store global and space-level thresholds

Low

4. Confluence APIs Used

API Category

Usage

Permission Context

API Category

Usage

Permission Context

Content API

Identify current page context

User

Space API

Load space-specific settings

User

Content Property API

Read/Write hidden "freshness" metadata

User / App

User API

Attribution for "Verified By" status

User

Label API

Check for freshpage-evergreen label

User / App

5. Data Stored by the App

Data Type

Stored?

Details

Data Type

Stored?

Details

Page Content (Body)

No

Never stored or transmitted

Verification Timestamp

Yes

Stored as Page Property

Verifier AccountID

Yes

Stored for attribution

Configuration Settings

Yes

Global/Space thresholds (days)

Evergreen Status

No

Derived from Confluence Labels

User Comments

No

Write-only (App posts comments, does not read them)

PII

No

accountId only (no names/emails)

6. Data Retention & Deletion

Aspect

Behavior

Aspect

Behavior

Default Retention

Indefinite (attached to page lifecycle)

Configurable Retention

N/A (Metadata tied to page existence)

Data Deletion on Uninstall

Automatic via Forge (app storage cleared)

Manual Deletion

Admin can delete Page Properties

Backups

Managed by Atlassian

7. Permission Handling Scenarios

Scenario

App Behavior

Scenario

App Behavior

Page Restriction (View)

Banner does not load (App respects view permissions)

Page Restriction (Edit)

"Mark as Fresh" button hidden or disabled

Space-Level Permission

Configuration UI hidden for non-admins

Anonymous Access

Read-only banner (if configured)

Missing Permissions

Banner defaults to "Unknown" state silently

8. UI & Privacy Controls

Area

Design Choice

Area

Design Choice

Verifier Name Display

Uses standard Confluence <User /> component (Privacy Respecting)

History Log

Only last verification shown

Notifications

Weekly Stale Page Reminders (Configurable per space)

External Analytics

None (No Google Analytics/Segment)

9. Data Security

Control

Implementation

Control

Implementation

Data at rest

Encrypted by Atlassian

Data in transit

TLS (Atlassian managed)

External storage

Not used

Secrets management

Atlassian managed

Tenant isolation

Enforced by Forge

10. Operational Security

Area

Approach

Area

Approach

Logging

Forge platform logs only

Monitoring

Atlassian monitoring

Rate limiting

Confluence API rate-limit aware

Caching

Short-term client-side caching only

Idempotency

Verification actions are idempotent

11. Compliance Considerations

Regulation / Standard

Status

Regulation / Standard

Status

GDPR

Compliant (minimal data)

Enterprise Security Reviews

Supported

Atlassian Marketplace

Compliant

SOC2

Inherited via Atlassian

ISO 27001

Inherited via Atlassian

12. Known Limitations & Mitigations

Risk

Mitigation

Risk

Mitigation

API Latency

Banner loads asynchronously (doesn't block page)

Large Spaces

Bulk Manager paginates results

Archived Pages

Respects page view permissions

13. Explicit Non-Goals

  • We do not analyze page content quality (AI/ML).

  • We do not enforce "Blockers" on editing (Advisory only).