Good question. We are based on Chromium, the open-source Web browser project started by Google that powers Google Chrome. Therefore on that part the same security model as Chrome applies. On the data side, most information is stored locally on your computer. Very few information is actually stored in our database therefore reducing the risk. For instance we do not store any username, passwords or token you use to login into your app in our database.
Now we haven't yet worked directly with infosec departments so we are well aware that there is still work to be done for us to be fully vetted.
As for adding an internal Jira instance, you can do that directly from the app store in the Station app. Click on the "+" button at the bottom right of the screen and you can request a custom app (visible either just to you or your entire team).
Good point, I definitely understand the concern. We only see the main domain, whatever comes after the "/" in the URL isn't visible to us or anyone else.
We get Chromium updates when we upgrade to a new version of Electron. We rely on Electron integrating the new version (typically there is always a delay) to be up to date.
Now we haven't yet worked directly with infosec departments so we are well aware that there is still work to be done for us to be fully vetted.
As for adding an internal Jira instance, you can do that directly from the app store in the Station app. Click on the "+" button at the bottom right of the screen and you can request a custom app (visible either just to you or your entire team).