Vendor Questionnaire Response Policy

Purpose

This policy defines how Stratus Add-ons Ltd manages requests for security, compliance, operational, and due-diligence information received from customers, prospects, and third parties.

The objective of this policy is to ensure:

  • Consistent disclosure practices

  • Protection of sensitive security and operational information

  • Compliance with GDPR data minimization principles

  • Efficient handling of vendor risk and due-diligence requests


Scope

This policy applies to all requests for:

  • Security questionnaires

  • Due-diligence questionnaires

  • Vendor risk assessments

  • Compliance or governance information

  • Operational or organizational documentation


Disclosure Model

Stratus Add-ons Ltd follows a centralized disclosure model.

All security, compliance, and privacy-related information is made available through our Trust Center:

Trust Center
https://app.eu.vanta.com/marketplace.atlassian.com/trust/c2l8fysnvxfh41l10qpoin

This includes, but is not limited to:

  • Security and compliance posture

  • Certifications and controls

  • Data processing practices

  • Data locations

  • Subprocessors

  • Governance and policies


Questionnaire Requests

As a general rule:

Stratus Add-ons Ltd does not complete customer-specific or third-party security questionnaires.

This approach is based on:

  • GDPR data minimization principles

  • Protection of confidential security controls

  • Standardized disclosure practices

  • Alignment with SaaS industry best practices


Marketplace Procurement Model

Our applications are procured exclusively via the Atlassian Marketplace.

Under this model:

  • Atlassian acts as the reseller and contracting party

  • No supplier onboarding relationship exists between Stratus Add-ons Ltd and customers

  • Vendor risk processes should be aligned with Marketplace procurement


Exceptions

Exceptions to this policy may be considered only when:

  • A direct contractual relationship exists

  • A regulatory obligation requires additional disclosure

  • The request is proportionate and justified

All exceptions require internal approval.


Clarifications & Additional Questions

We are happy to address:

  • Specific security or compliance questions

  • Clarifications regarding published controls

  • Requests related to certifications or audits

We address such requests provided they are reasonable, proportionate, and aligned with our disclosure policy.


Contact

For security, compliance, or privacy inquiries: support@stratus-addons.com