/
Trust Center for Enterprise Sprint Automation: Security, Data Handling, and App Overview

Trust Center for Enterprise Sprint Automation: Security, Data Handling, and App Overview

📌 This page is the product-specific trust documentation for Enterprise Sprint Automation — Bulk Create & Auto Start/End. Divim maintains a single company-wide Trust Center as the canonical source for security, privacy, compliance, and legal posture across all products. Visit the Divim Trust Center.

Effective date: 2026-04-23

This page provides product-specific trust documentation for how Enterprise Sprint Automation — Bulk Create & Auto Start/End is built, how it handles your data, and the commitments we make to every customer. It is intended for security teams, procurement reviewers, data protection officers, and Jira administrators evaluating or managing the app. For Divim's company-wide posture, see the Divim Trust Center.

About the App

Enterprise Sprint Automation — Bulk Create & Auto Start/End is a native Atlassian Forge app for Jira Cloud. It automates the sprint lifecycle on every Scrum board you configure — closing active sprints on schedule, moving unfinished work, and starting the next sprint — and provides a Bulk Sprint Creation page built for enterprise planning ceremonies such as SAFe PI planning and quarterly planning.

The app runs entirely inside Atlassian's Forge platform. There is no external server, no non-Atlassian hosting, and no customer data transmitted to Divim, Inc. or any third party.

Trust and Security at a Glance

Attribute

Detail

Attribute

Detail

Platform

Atlassian Forge

Program

Designed to meet Atlassian Runs on Atlassian criteria

Data residency

Stays within your Atlassian environment

External servers

None

Third-party sub-processors

None (Atlassian is the sole infrastructure provider)

Authentication

Fully managed by Atlassian — no vendor-held credentials

API access

Least-privilege Jira scopes only

Encryption in transit

HTTPS / TLS, terminated by Atlassian

Encryption at rest

Atlassian-managed cloud storage

Personal data stored

Atlassian accountId of the last admin to update a board configuration only

Documents

User Guide

Step-by-step instructions for installing, configuring, and operating the app. Covers board configuration (including sprint target options, incomplete subtasks handling, parallel sprints, and the working-days calendar), bulk sprint creation, CSV import, bulk deletion, sprint report cards, the board options panel, application logs, troubleshooting, and how to contact support.

Read the User Guide

Security Policy

A full description of the app's hosting architecture, data residency, authentication and authorization model, encryption, secrets management, software development lifecycle, change management, logging, vulnerability disclosure process, incident response, and customer responsibilities.

Read the Security Policy

Key facts:

  • The app has no external servers and makes no outbound network calls outside Atlassian's cloud.

  • All persistent data is stored within your Atlassian environment, inheriting its data residency.

  • Vulnerability reports are acknowledged within 5 business days. Contact: support@divim.io

Privacy Policy

An explanation of what data the app reads and stores, the legal basis for processing, international data transfers, sub-processors, retention periods, data subject rights, and how to contact the vendor with privacy questions.

Read the Privacy Policy

Key facts:

  • No customer data is transmitted to Divim, Inc. or to any third party.

  • The app stores only the minimum per-board configuration needed to run sprint automation.

  • Jira issue content, sprint contents, user email addresses, and display names are never stored.

  • On uninstall, Atlassian deletes all app data as part of the standard Forge app-removal lifecycle.

Terms of Service

Enterprise Sprint Automation is distributed through the Atlassian Marketplace, and installation and use are governed by Atlassian's terms — the Atlassian Marketplace Terms of Use and the Atlassian Customer Agreement — rather than a separate Divim agreement. These cover the license grant, billing and subscriptions, acceptable use, warranties, limitation of liability, and governing law.

Read the Terms of Service

Atlassian Platform Security

Because the app runs on Atlassian Forge, the security posture of the underlying infrastructure is governed by Atlassian. This includes:

  • SOC 2 Type II, ISO 27001, and additional certifications held by Atlassian

  • Atlassian's Forge sandbox and tenant isolation model

  • Atlassian's data residency program for Jira Cloud

For details, see the Atlassian Trust Center.

Vulnerability Disclosure

If you believe you have found a security vulnerability in this app, please report it responsibly:

  • Do not open a public issue or post details publicly before a fix is available.

  • Email: support@divim.io

  • Include a description of the issue, steps to reproduce, and the affected app version.

  • We will acknowledge receipt within 5 business days and aim to remediate verified high-severity issues within 30 days.

Full details are in the Security Policy, section 10.

Contact

Purpose

Contact

Purpose

Contact

Security vulnerabilities

support@divim.io

Privacy and data-subject requests

support@divim.io

General support

support@divim.io

Website

https://www.divim.io

This page is reviewed at least annually. Material updates are announced through the Atlassian Marketplace listing. For Divim's canonical company-wide posture, see the Divim Trust Center.

Privacy Policy · Security Policy · Terms of Service