Why This App Is Not "Runs on Atlassian"
What Is "Runs on Atlassian"?β
"Runs on Atlassian" (RoA) is an Atlassian certification that guarantees an app processes and stores all data exclusively within Atlassian's own infrastructure, with no data leaving the Atlassian ecosystem under any circumstances.
Our App and Data Privacyβ
External Share & Public Links for Jira is built entirely on Atlassian Forge. All app logic runs inside Forge's runtime, and no data is sent to any external server or third-party system. Your Jira data never leaves the Atlassian ecosystem.
Why It Doesn't Qualify for RoAβ
Despite this, the app cannot carry the RoA badge because it uses a Forge Web Trigger β a publicly accessible HTTPS endpoint hosted within Atlassian's own infrastructure β to serve shared Work Item pages to external recipients.
From a technical standpoint, the data flow is entirely internal to Atlassian. However, Atlassian's RoA certification criteria treats any app that exposes a public HTTP endpoint as incompatible with the standard, regardless of where that endpoint is hosted.
In short: the app is disqualified by a technicality, not by actual data leaving Atlassian.
Our Recommendationsβ
Even though the app does not expose data outside of Atlassian's infrastructure, sharing Work Items externally is a sensitive operation by nature. We recommend the following precautions:
- Restrict who can share β In the app configuration, disable the default "Allow all users" option and limit sharing permissions to specific trusted Jira groups (e.g., project managers or team leads). See Configuration for step-by-step instructions.
- Monitor sharing activity β Use the built-in Audit Log to review a full history of links created, regenerated, and revoked. This helps ensure compliance with your organisation's data-sharing policies and provides a clear trail if a link is ever misused.
These two steps give you meaningful control over what is shared and with whom, keeping your data exposure intentional and auditable.