Our security stance.
We built Veloxy on Forge precisely because security is the first question enterprise procurement asks — and we wanted the answer to be architecture, not promises.
Your data never leaves your tenant
Tick is built on Atlassian Forge. Every computation, every storage read and write happens inside Atlassian's infrastructure — the same boundary your Jira, Confluence and Atlassian admin already trust. Veloxy Labs has no servers that touch your data.
Encryption at rest and in transit
All data stored by Tick uses Forge Storage, which inherits Atlassian's encryption at rest (AES-256) and in transit (TLS 1.2+). We don't manage encryption keys — Atlassian does, under their compliance programs.
SOC 2 Type II via Atlassian
Because Tick runs entirely on Forge, it operates within Atlassian's SOC 2 Type II certified environment. According to Vanta's research, Forge-native apps can satisfy up to 30% of SOC 2 requirements simply by staying within the Forge boundary.
No third-party data sharing
Tick contains no third-party analytics SDKs, no advertising pixels, and no external API calls that would transmit your Jira data outside the Forge runtime. You can verify this by reviewing the app's manifest in the Atlassian Marketplace.
Respects your existing permissions
Tick does not create a parallel permission model. It reads and respects your existing Jira project permissions. Users see only the data they're already authorized to see in Jira.
Have a security question?
If your procurement or security team has specific questions, we're happy to respond directly. Email us at security@veloxylabs.com.
Contact our team →