đź”’ Security Overview
Last Updated: 07.11.25
This page provides detailed security and compliance information about Simple Glossary for Confluence. It is intended for Security Officers and IT administrators conducting app security assessments.
1. Application Architecture​
Simple Glossary is built entirely on the Atlassian Forge platform — a secure, serverless framework that runs directly within Atlassian’s cloud infrastructure. The app does not use any external servers, APIs, or data storage.
You can confirm this in the Atlassian Marketplace listing, which includes the “Runs on Atlassian” badge. This badge indicates that the app executes inside Atlassian’s distributed cloud environment, managed by Atlassian.
Forge apps are deployed within the same distributed services architecture described in Atlassian Cloud Architecture and Operational Practices – Cloud platform architecture. This architecture ensures that application logic and stored data remain within Atlassian’s protected boundaries and benefit from Atlassian’s global security, redundancy, and operational controls.
2. Data Access & Storage​
Simple Glossary accesses only the minimal Confluence data required for its functionality. All glossary data — including terms, definitions, languages, and settings — is stored securely in Atlassian Forge Storage API, within Atlassian’s own infrastructure. No data ever leaves the Atlassian Cloud.
The app uses a small set of standard Atlassian OAuth 2.0 scopes to perform read-only operations within Confluence Cloud.
Permissions Overview​
| Scope | Purpose | Data Accessed | Storage Location |
|---|---|---|---|
storage:app | Stores glossary data (terms, definitions, labels, language preferences, and settings). | Glossary metadata and content. | Atlassian Forge Storage API (within Atlassian Cloud). |
read:confluence-content.summary | Used to identify the current page. | Page ID, title, space key. | Used in-memory, not persisted. |
read:page:confluence | Reads page content for detecting glossary terms and showing related terms in views. | Page content temporarily processed in memory. | Not stored or exported. |
read:group:confluence | Reads group names to check whether a user belongs to a group allowed to manage glossary terms. | Group names only. | Not persisted. |
read:user:confluence | Retrieves current user’s Atlassian account ID to track authorship of glossary entries. | accountId | Stored only as part of audit info in Forge Storage. |
read:space:confluence | Retrieves Confluence space details for linking spaces and navigating between glossaries. | Space key, name, and type. | Not persisted beyond reference links. |
3. Data Privacy​
- Simple Glossary does not collect, transmit, or store personal identifiable information (PII) such as emails, IP addresses, or usage analytics.
- The app only uses Atlassian account identifiers (only
accountId) to show who created or edited a term. - No external telemetry, cookies, or third-party tracking systems are used.
All operations happen within the Atlassian Cloud environment, using Atlassian’s built-in authentication and authorization (OAuth 2.0 scopes).
4. Data Retention and Removal​
- All glossary data is stored within Atlassian Forge Storage and tied to the Confluence site where the app is installed.
- When an administrator uninstalls the app, all data stored by the app is automatically deleted from Atlassian’s Forge Storage.
- No data copies, backups, or logs exist outside Atlassian infrastructure.
- Users and administrators can manually clear glossary data by resetting space or global settings within the app.
5. Network & Connectivity​
- The app does not make any outbound or inbound network connections.
- There are no external endpoints, webhooks, or integrations with third-party systems.
- All communication happens internally through Atlassian’s secure API layer between Forge and Confluence Cloud.
6. Permissions Summary​
Simple Glossary uses a minimal and read-only permission set. It cannot modify Confluence pages, access attachments, or read user emails. The only write capability is to Forge Storage (for glossary data only).
Key principles:
- Read-only access to Confluence data
- No personal data collection
- No external network communication
- No use of third-party services
7. Vendor Information​
Vendor: DailyMind LTD
App name: Simple Glossary for Confluence
Hosting: Atlassian Forge (Atlassian Cloud)
Marketplace ID: 1235602
Support contact: [email protected]
Website: https://simple-glossary.teamkit.dev
8. FAQ for Security Assessment​
Does the app store data outside Atlassian Cloud? No. All data is stored in Atlassian Forge Storage within Atlassian Cloud.
Does the app use external APIs or third-party integrations? No. It operates entirely within Atlassian infrastructure.
Does the app collect personal user data?
No. Only Atlassian accountId is used for identification within Confluence.
Can administrators delete all stored data? Yes. Uninstalling the app deletes all associated data automatically.
Is the app covered by Atlassian’s data center and operational security practices? Yes. As a Forge-hosted application, it runs inside Atlassian’s distributed services architecture — Data Center Security.
🧩 Simple Glossary for Confluence runs fully on Atlassian Forge — meaning your data never leaves Atlassian’s cloud.