Last updated Apr 9, 2024

Pre-launch trust checklist for new apps

Before launching your app on the Atlassian Marketplace, you’ll need to prepare your business for customer expectations and questions around trust. The checklist below gives you some helpful initial pre-launch steps, for example how to:

  • Meet privacy and GDPR requirements
  • Answer privacy and security questions from customers
  • Put controls in place to ensure the security of your app
  • Cover your legal bases

This will make it easier for you to show customers that you’re serious about protecting their data. While you may not be ready to go for your SOC 2 or ISO 27001 audit today, these steps will set your company up for success if you want to pursue certifications later.

Why is trust important?

To attract customers in cloud, you need to give your customers confidence in your app’s security, privacy, and compliance.

This is especially important if you’d like to support larger customers (enterprise), or customers from regulated regions or industries.

Build customer trust in cloud

1. Build “secure by design” apps

Reduce risks and fix weaknesses by building your app with "secure by design" principles. These include:

  • Least privileged access: minimize the customer data your app must access to perform its function.
  • Least data egress: minimize the need for data to leave the customer’s instance or to leave Atlassian’s hosting infrastructure.
  • Leverage Atlassian infrastructure whenever possible: Atlassian is responsible for our own infrastructure, and we invest heavily in ensuring this infrastructure is secure and built to protect customer data from loss or attack.

Our serverless app development platform, Forge, helps you build “secure by design” apps from the start.

2. Understand data flow in your app

Understand how your app and business handle data. Ensure you can answer the following questions:

  • Which subprocessors do you use?

  • Which employees have access to what data?

  • Where, geographically, does your data reside?

    • Where is data stored?
    • Where is data processed?
    • What kind of data is stored or processed in which locations?

3. Have a data subject request process in place

Under GDPR and most other privacy laws, customers have a right to:

  • Access any personal data processed by your app.
  • Request that data be deleted.

Make sure you have a process in place to handle these requests. For guidance, check out:

4. Create a detailed privacy policy

Build a strong privacy policy that reflects how your business and app actually handle data. You can view Atlassian’s privacy policy as an example.

5. Document your security controls

To prepare for potential customer or auditor requests, document any security controls you have in place to prevent, detect, or correct threats to data. These include:

  • Physical controls like fences, gates, CCTV or surveillance, or access cards.
  • Technical controls like firewalls, IPS, antivirus software, MFA, IDS, or vulnerability patching.
  • Administrative controls like data classification, hiring and termination policies, separation of duties, business continuity plans, incident response plans, access rights, or audit logs.

These records will also make any future audits much easier (for example, SOC 2 or ISO 27001).

If this is your first Marketplace app, navigating the legal obligations can feel daunting.

7. Prepare for privacy questions

To prepare for privacy questions, have an email address or contact information available on your Atlassian Marketplace listing, website, or privacy policy.

To avoid answering the same questions repeatedly, communicate as much privacy information as possible via the Privacy & Security tab, your trust center, or other documentation.

Next steps

  1. Follow the app approval guidelines to submit your app on the Marketplace.
  2. Complete the Privacy & Security tab.
  3. Establish a trust center on your website to make it easy for customers to learn about your app.
