Security and Privacy
at Move Work Forward

Our 100% security guarantee for our customers and solutions

These companies Move Work Forward with us

5000+ organisations trust Move Work Forward to drive team transparency & productivity.

Move Work Forward's Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

1. Data Privacy

We are big on data privacy for our customers, any information we collect will be stored and processed within countries that comply with GDPR. All data transfer between the user’s browser and the user’s site happens securely via HTTPS.

2. Secure Development

We are secure by Vanta, Vanta helps with our continued compliance monitoring. We employ end to end vulnerability checks during our coding and development process. Every product undergoes an internal compliance process to ensure 100% security.

3. Security Guidelines

Move Work Forward is a platinum marketplace partner and we uphold Atlassian's security guidelines throughout our product development and operations process.

4. Infrastructure Access

We have an AWS security specialist on the team, we also employ  the lastest and best practises for infrastructure access. All our are tools are multiple factor authenticated and only access by team members on a need to know basis.

Data Protection

Data At Rest

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.

This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.

Data is encrypted at rest
Data is encrypted in transit

Data in transit

We use TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.

Secret Management

Encryption keys are managed via AWS Key Management System (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Vanta. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.

Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.

The Secret Managers are used at Move Work Forward

Security Monitored By Vanta. View Our Trust report here

SOC 2 Type II compliance

Our Cloud Fortified Apps

Atlassian Security Program Garuantee

We participate in all the Atlassian marketplace security programs, so all of our products are extra safe.

Bug Crowd used

Marketplace Bug Bounty Program

To get a Cloud Fortified or Cloud Security Participant badge, apps must participate in this program.
Looking for security vulnerabilities


Atlassian’s Ecoscanner platform performs security checks across all Marketplace cloud apps on an ongoing basis.
Part of vulnerability disclose program

Vulnerability Disclosure Program

Atlassian runs the program so marketplace partners can mitigate security risks
Following best AWS Security Practices

Cloud App Security Requirements

We participate here and meet Atlassian's mandatory requirements for app security
Hard-core bug fixing

Security Bug Fix Policy

We adhere to security bug fix SLAs for all our apps listed on the Atlassian Marketplace.
Vendor security assessment is in use

Security Self Assessment Program

We participated in this program and have earned our cloud security badge for multiple apps as a result.
Microsoft Teams integration with Jira, Confluence, Bitbucket and Atlassian Bamboo.

App Security In Our Development Process

We take our customers security seriously and take all the steps to delivered secure solutions even from the beginning of the development process.

Team members pull stories from the backlog as capacity allows. Typically their first step is to write tests to assert the behaviour we expect. From there they will write code to make tests pass, and then refactor as needed.

When a team member is ready for code review they add two of their colleagues to a pull request. Their colleagues review the code for consistency, sanity, and against the acceptance criteria of the user story.

During the code review process we begin user acceptance testing of the functionality in the host product. At this point we're trying to ensure that what we deliver makes sense from a customers perspective. This often turns up UI/UX improvements for the story which are then subsequently included in the pull request.

Once the pull request has been approved the development branch is merged into our master branch where we do final user acceptance testing before merging to release branch and releasing the packages.

Get started for free

Join the thousands of companies already using our Apps to share their code, work together, and build amazing things.

Get started!

Some of our use cases

Microsoft Teams integration for Jira Cloud, Server and Data Center.Microsoft Teams integration for Jira Cloud, Server and Data Center.Microsoft Teams integration for Jira Cloud, Server and Data Center.Microsoft Teams integration for Jira Cloud, Server and Data Center.