/
Privacy Policy — Enterprise Sprint Automation — Bulk Create & Auto Start/End

Privacy Policy — Enterprise Sprint Automation — Bulk Create & Auto Start/End

This Privacy Policy explains how Divim, Inc. ("we", "us", "the vendor") handles personal and customer data when a Jira Cloud site installs and uses Enterprise Sprint Automation — Bulk Create & Auto Start/End ("the app"). It applies to all versions of the app.

1. Summary

  • The app is a native Atlassian Forge app. It runs inside Atlassian's cloud. No customer data is transmitted to the vendor or to any third party.

  • The app stores only the minimum configuration required to automate sprints. It does not store Jira issue content, sprint contents, user profiles, or email addresses.

  • Atlassian is the hosting provider for all customer data the app accesses. Atlassian's Privacy Policy governs that infrastructure: https://www.atlassian.com/legal/privacy-policy.

2. Roles

Under GDPR / UK GDPR terminology:

  • The customer (the Atlassian site administrator's organization) is the data controller for the Jira data the app processes.

  • Divim, Inc. is a data processor for any customer data processed by the app.

  • Atlassian is a sub-processor providing the Forge runtime, storage and networking.

3. What data the app processes

3.1 Data read from Jira on demand

To perform its function, the app reads the following from Jira through the Jira REST API:

  • Scrum board metadata (board ID, name, space).

  • Sprint metadata (sprint ID, name, state, start date, end date, associated board).

  • Issue references contained in a sprint, for the purpose of moving unfinished work to the backlog or to the next sprint during sprint close.

  • The accountId of the currently signed-in Jira user, so the app can perform the admin and space-admin authorization checks required by its configuration operations.

Jira data is processed in memory and is not persisted by the app except as set out in section 3.2.

3.2 Data the app stores

The app stores only the minimum data required to run sprint automation: per-board configuration settings, sprint lifecycle housekeeping, application logs, and sprint report cards. All stored data remains exclusively within your Atlassian environment — no copy is held by the vendor or any third party. Configuration data is retained for the lifetime of the app install; log and report card data is automatically pruned as new entries arrive.

The app does not store:

  • Jira issue descriptions, comments, attachments or custom field values.

  • User email addresses, display names or avatars.

  • Any data from Jira spaces that are not associated with an opted-in Scrum board.

3.3 Personal data

The only identifier that may be stored by the app is a Jira accountId — an Atlassian-scoped opaque identifier — where the app retains the identity of the admin who last changed a per-board setting. No accountId is shared outside the Atlassian cloud.

Application log messages are composed by the app and are not intended to contain personal data. Where a Jira API error is logged, the log entry may include sprint IDs, board IDs or Jira error codes, but not issue content or user identifiers.

4. Legal basis for processing

For customers subject to the GDPR / UK GDPR, processing is carried out on one of the following bases, in each case specified by the customer in their role as controller:

  • Contract — processing is necessary to provide the app's automation features that the customer has installed and configured.

  • Legitimate interests — operating, securing and improving the app.

5. International data transfers

The app does not transfer personal data out of Atlassian's cloud. Where Atlassian transfers data between regions, those transfers are governed by Atlassian's own Data Processing Addendum and Standard Contractual Clauses. See https://www.atlassian.com/legal/customer-agreement.

6. Sub-processors

The app has a single sub-processor: Atlassian, Inc. and its group companies, providing the Forge platform on which the app runs.

The vendor does not use any analytics, advertising, error-reporting or customer-messaging sub-processor inside the app.

7. Retention

  • Configuration data is retained for the lifetime of the app installation.

  • Application logs and sprint report cards are capped at a fixed number of entries; older entries are deleted automatically as new ones arrive.

  • On uninstall, Atlassian deletes all data associated with the app as part of the standard Forge app-removal lifecycle. No copy of customer data is retained by the vendor outside Atlassian's cloud.

8. Data subject rights

Because the vendor does not store personal data outside the Atlassian cloud, data-subject requests (access, correction, deletion, restriction, portability, objection) are typically satisfied through the controller's own Jira administration tools or through Atlassian's processes.

Customers who require assistance with a data-subject request related to app-specific data (for example, the accountId of an admin retained against a board configuration) may contact support@divim.io. We will respond within the timeframes required by applicable law, and in any event within 30 days of a verified request.

9. Security

Security controls are described in the Security Policy, including encryption in transit and at rest, least-privilege Jira scopes, authentication, and the software development lifecycle.

10. Children

The app is a business-to-business product intended for use by Jira Cloud administrators. It is not directed at children under 16 and knowingly does not process data of children.

11. Changes to this policy

We may update this policy to reflect changes to the app or to applicable law. Material changes will be announced through the Marketplace listing and the Divim Trust Center, with an updated Effective date at the top of this document.

12. Contact

For privacy questions or data-subject requests:

For security issues, see Security Policy, section 10.

For general support, see the User Guide, section 12.