Q1. Is Pact FedRAMP‑authorized?
No. AGC itself (Jira, Confluence, JSM) is FedRAMP Moderate; Marketplace apps are authorised by each customer as external services based on their own risk process. See security and compliance on the AGC
Q2. Does Jira issue data ever leave AGC because of Pact?
Runtime processing happens entirely on Atlassian’s Forge platform with the Runs on Atlassian model, which uses only Atlassian‑hosted compute and storage and lets customers fully control any analytics egress. Jira data is not sent to an Optimizory‑hosted database.
Q3. Where is app data stored for AGC tenants?
In‑scope app data (configuration, minimal state) is stored in Atlassian‑hosted storage tied to your Jira site and follows US data residency for AGC. Jira issues stay in Jira.
Q4. Is the AGC version functionally different from the commercial Jira Cloud version?
The AGC version is designed to provide the same core Pact reporting capabilities (standard & custom reports, saved views and exports). Any differences are only where AGC itself lacks a feature or integration that exists in commercial cloud; these will be documented in the change log if they appear.
Q5. How do we get a pre‑filled text for our internal ATO template?
Use the App authorization template page; it’s written so your security team can copy‑paste into their own forms.