1. Scope and Purpose
If we identify a security incident affecting a covered product, we aim to communicate in a way that is prompt, honest, and useful. The goal is to help customers understand what happened, what we know, what we have done, and whether they need to take action.
2. Covered Products
| Product | Current purpose |
|---|---|
| Campaign Operations Playbook for Confluence | Provides structured campaign planning, launch, reporting, and retrospective workflow content inside Confluence. |
| Content Workflow Templates for Confluence | Provides structured content intake, briefing, planning, review, publishing, and performance workflow content inside Confluence. |
3. What We Mean by a Security Incident
A security incident is a confirmed or reasonably suspected event involving unauthorized access, unintended exposure, misuse, compromise, or other security-relevant harm affecting a covered product, its runtime, or potentially customer data.
4. Communication Principles
- be honest
- be thorough
- do not hide the practical impact
- do not imply certainty where facts are still under investigation
- tell customers what they need to do, if anything
5. Information We Aim to Include
- affected product name
- nature of the incident and known time period
- how the issue was identified
- what we did to investigate
- what we did to contain or remediate the issue
- what actual or likely customer impact exists
- whether customers need to take any action
6. Delivery Channels
Depending on the circumstances, we may communicate through the support channel, customer email, Marketplace-related coordination, or public trust pages. Where appropriate, we may issue an updated statement as the investigation develops.
Primary support route: https://infrafastlane.dev/support/
7. Customer-Facing Incident Template
Hello, We are writing to inform you of a security incident that was recently identified in [affected product name]. What happened: [Describe the nature of the incident and the relevant time period.] How we found it: [Explain how the issue was identified.] What we did: [Summarize the investigation and the remediation or containment steps already taken.] What this means for you: [State the known or likely customer impact. If no current impact is known, say that clearly.] What you need to do: [List any customer actions, or say that no customer action is required at this time.] We take this matter seriously and will continue to update affected customers if materially relevant facts change. If you have questions, please contact:Support for Campaign Operations Playbook for ConfluenceSincerely, InfraFastlane
8. Product Notes for the Current App Portfolio
Campaign Operations Playbook for Confluence
The current version is a low-permission, copy-oriented Forge app. It does not operate an external backend, does not declare external egress, and does not request Confluence read or write scopes.
Content Workflow Templates for Confluence
The current version follows the same low-permission model. It is intended to let users browse, search, preview, and copy workflow content without automatically creating, editing, deleting, reading, exporting, or analyzing customer Confluence pages.
9. Related Pages