The solution is a Single Page Application running directly in the browser. The app is using Google firebase backend as a service. This means that there are no open APIs instead the Google firebase realtime database is used togheter with Google firebase cloud storage.
Traffic between the browser and Google Firebase is encrypted using TLS 1.2, a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
Jira data is never leaving the Jira instance (never send to remote servers or databases). Non Jira person data such as name, role and description is stored in Google firebase (europe) with no public access. Images for non Jira users is stored in Google cloud storage with the url having public access.
Do you have any questions?
We are happy to support you at firstname.lastname@example.org.