Scroll Viewport adheres to the Atlassian Marketplace security requirements for Cloud apps to pull and upload content from Confluence Cloud to a - site.

All the content that has been uploaded to a is publicly available to anyone on the web.

How Viewport accesses your content on Confluence

When you install the app, a new technical Confluence user called "Scroll Viewport for Confluence Cloud" is added as a user to your Confluence instance.

The app user is used by Scroll Viewport to pull the content from the content sources to your Viewport site. What content the user can pull is limited by the permissions you give to this user on your Confluence instance and spaces.

Only a logged in Confluence admin or a Confluence user that is a member of the Scroll Viewport administrator group can trigger the process to pull content from Confluence space(s) to a Scroll Viewport site. This can only be done from the Confluence instance which was used to create the site.

How Viewport pulls and stores content to make it public

Viewport pulls content from Confluence using a Confluence REST API with HTTPS and JWT based authentication. The content is stored on AWS in a multi-tenant architecture as soon as you generate a preview of your site.

Viewport only pulls, stores and publishes the content that you have added as a content source to your Viewport site (unless custom restrictions are set).

For Scroll Documents, only the versions you have selected are pulled, stored and published. Also note that images uploaded asset library in the theme editor are only pulled if they are selected and used in the theme for your site.

When you generate a preview, anyone with a link to it will be able access the site. While leaking this link is technically possible, it’s practically impossible for someone without the link to guess the URL since it contains 32 random characters.

Only the Confluence instance that the site is created from can make changes to the site. Content is only made available to the public if an authorised Confluence users updates or takes the site live by clicking the Go live button in the app.

Any content which was published to the web can be taken offline again by clicking the Take offline button in the app.

You can find more information about our company-wide data policies in the K15t data security statement.