Progressify
Trust

Your data never leaves Atlassian. Verifiably.

Security pages usually ask you to trust the vendor. Ours asks you to read the manifest — the permission surface Atlassian enforces on every Forge app at runtime.

// every Progressify Atlassian app's Forge manifest — the enforceable
// version of this page, enforced by the platform at runtime.
permissions:
  external:
    fetch: {} // no external calls. none.
  scopes: [least-privilege, per app]
storage: forge // inside your Atlassian tenant

Every Progressify app for Atlassian is built exclusively on Forge, Atlassian's first-party app platform. Compute, storage, events, and UI all run inside Atlassian's own infrastructure, in the same trust boundary you already approved when you adopted Jira or Confluence. There are no Progressify servers involved: no external databases, no third-party analytics on your data, no webhooks leaving your tenant. The same principle governs every platform we build for: our apps run natively inside the platform they extend, never on ours.

A Forge app declares every permission it needs in its manifest, and the platform enforces those declarations at runtime. Our apps declare zero external fetch permissions — which means even a bug cannot exfiltrate your data, because the platform gives our code no path out. That is a stronger guarantee than any policy document, and it is why we build this way.

Our commitments

  • Zero external egress — no Atlassian app we ship will ever send your data outside Atlassian's cloud
  • No third-party AI — any AI feature uses Atlassian's own Forge LLMs or Rovo; prompts and completions stay inside Atlassian
  • Least-privilege scopes — each app requests only the OAuth scopes its features need, and scope additions always require your re-consent
  • Storage in your tenant — app data lives in Forge Storage within your Atlassian Cloud environment
  • Per-app privacy documentation — every app ships its own statement of exactly what it stores and for how long

Check it yourself

Our Atlassian apps are engineered end-to-end to the eligibility bar of Atlassian's “Runs on Atlassian” program — the zero-egress architecture described above — and that architecture is checkable in each app's manifest, not just this page. Our monday.com apps follow the same rule: platform-native, with no Progressify servers behind them. Questions about any of this reach the team directly at info@progressify.com.au.