Data & privacy
SignOff runs entirely within Atlassian's cloud platform. No data is sent to external servers. All signatures, configuration, audit trails, and metadata are stored securely by Atlassian as part of their cloud infrastructure.
Encryption
All data at rest is encrypted by Atlassian using AES-256. Data in transit between the app and Atlassian services is encrypted via TLS.
Data integrity
When 21 CFR Part 11 compliance is enabled, every signature and audit event includes a SHA-256 hash computed from the signature data, signer identity, timestamp, and the hash of the previous record. This forms a tamper-evident chain — any modification to a historical record would break the chain and be immediately detectable. See 21 CFR Part 11 for details.
Storage format
Signature data is stored in a compact, resolution-independent format that renders crisply at any size and uses minimal storage.
Required permissions
The app requires the following permissions:
| Permission | Purpose |
|---|---|
| Read Jira issues | Access issue details for PDF generation and workflow evaluation |
| Write Jira issues | Add comments, update issue properties, and execute transitions |
| Read Jira users | Identify signers and search users for signature requests |
| Manage project settings | Access and save project-level settings |
| Manage Jira configuration | Access global admin settings and workflow configurations |
| App storage | Persist signatures, pending requests, groups, audit trails, and configuration |
For full privacy details, see the Zeroph privacy policy.