Next to the facts that we have pointed out in the Data Encryption documentation, we are using Forge as the backbone of our app. Forge is a framework used for building modern Atlassian Cloud apps with a big focus on security.
The Forge runtime sandboxes the apps from the environment in which they execute. By running apps in isolated environments, the platform limits what apps can do. For example:
Apps cannot accidentally leak customer data across sites.
Apps cannot interfere with or modify other running apps.
To understand how this works in detail, see the diagram and notes on the Forge app sandbox below:
The Forge platform enables secure data management through its architecture and the way it handles data. This includes data isolation to prevent leaks as well as data handling policies for the Forge environments.
bitvoodoo ag took great care in building the app Confidential Fields in the most secure way possible. The following diagrams show how data is saved (write) and displayed (read). For the complete picture, including a glossary, read the page Data Encryption.