Security contact

Security issues should reach the product owner directly.

Please report suspected vulnerabilities or security concerns to security@getresolveloop.com with the subject line "KB Sentinel security". Avoid sending sensitive secrets or exploit code to public channels.

This page is operationally usable now, but it will continue to evolve alongside final Marketplace security documentation.

Disclosure expectations

  • Include impact, reproduction steps, and affected tenant scope.
  • Allow reasonable time for investigation and remediation.
  • Do not access or alter customer data beyond what is necessary to validate the issue.

Data handling summary

  • Tenant state is persisted in Atlassian Forge-hosted services, including Forge SQL.
  • KB Sentinel stores reduced excerpts, findings, drafts, scan history, and score trends rather than full raw knowledge-base bodies. It also stores page-author account IDs, retained solely for Atlassian Personal Data Reporting API obligations.
  • OpenAI processing is isolated behind a provider adapter and is used only for repair drafting when configured.
  • The app does not intentionally share logs containing End-User Data with third parties.
  • The current launch posture does not claim "Runs on Atlassian" because model egress can occur.

Access and secret handling

  • End users are not asked to provide Atlassian PATs or account passwords.
  • Stored Atlassian account IDs are limited to Confluence page-author references needed for privacy reporting.
  • Closed or updated account references are erased when Atlassian flags them through the Personal Data Reporting API.

What helps us investigate quickly

  • Clear affected tenant scope and approximate timestamps
  • Reproduction steps and expected versus observed behavior
  • Whether the issue involves Jira, Confluence, licensing, or external model calls