Back to SprintGuard

Privacy Policy

Last updated: February 24, 2026

SprintGuard is built on a zero data retention principle. Your Jira issue content is analysed in real-time and never stored permanently on our servers.

1. Who We Are

SprintGuard ("we", "our", or "us") is a software product operated as a trading name. Our registered contact is info@sprintguard.ai.

SprintGuard is an Atlassian Forge application that provides automated quality gating for Jira issues. This policy describes how we handle data when you use our Jira plugin and when you visit our website (sprintguard.ai).

2. Our Zero Data Retention Principle

We do not store your Jira issue content. When SprintGuard analyses a ticket, the following happens:

  1. A Jira webhook fires when an issue is created or updated and sends issue content (title, description, acceptance criteria) to our API.
  2. The content is placed in a temporary processing queue backed by Redis. This queue data is automatically purged within 24 hours and typically within seconds of processing completion.
  3. Issue data is transmitted to SprintGuard's external API server for processing. This server operates outside Atlassian's infrastructure and is hosted on AWS (us-east-1).
  4. Issue content is processed by our Semantic Analysis Engine, which is powered by Anthropic's Claude language model. We do not log or persist the content after the analysis is complete.
  5. The analysis result (a quality score and feedback) is written back to your Jira instance as a Jira Entity Property — stored by Atlassian, not us.
  6. After processing, no copy of your issue content remains on SprintGuard infrastructure.

3. Data We Process (Not Store)

When you use the SprintGuard Jira plugin, we transiently process the following data solely for the purpose of generating a quality analysis:

  • Jira issue title
  • Jira issue description
  • Acceptance criteria fields
  • Jira issue key and project identifier (for routing only)
  • Issue type, status, and linked issue statuses — used to detect blocked or stalled issues for analysis context. Contains no personal data.
  • The Atlassian account ID of the acting user — used transiently as a rate-limiting key in our cache (TTL < 24 hours). It is never logged, persisted to a database, or passed to any third-party service, including our AI provider.
  • The Atlassian account IDs of users associated with the event (e.g. watchers, participants) — received transiently to determine the number of involved users for analysis context. These account IDs are stripped at the API boundary and are never stored, logged, or passed to any third-party service.

We do not process or access: comments, attachments, passwords, billing information, or any data outside the fields listed above.

Plugin Configuration (Forge Storage)

SprintGuard stores its own plugin-specific configuration using Atlassian Forge's built-in key-value storage. This includes two categories:

  • Enablement settings — such as which Jira projects have SprintGuard active. This data remains entirely on Atlassian's infrastructure and is never transmitted externally.
  • Project context settings — such as defined technologies and architecture preferences, used to generate architecture-aware quality reviews. This configuration is transmitted to SprintGuard's external API alongside issue content during analysis. It is processed transiently and never stored permanently on our servers.

Confluence (Upcoming Feature)

A future release of SprintGuard will optionally access Confluence page content linked to a Jira issue to enrich quality analysis. This will follow the same zero-retention principle — content will be processed transiently and never stored. This policy will be updated before that feature is activated.

4. Third-Party Services

SprintGuard uses the following third-party services during issue processing:

Anthropic (Claude)

Purpose: AI-powered semantic quality analysis of issue content.

Retention: Anthropic may retain API inputs for up to 30 days for abuse detection purposes per their usage policy. We recommend reviewing Anthropic's Privacy Policy at anthropic.com/privacy.

Location: United States

Amazon Web Services (AWS)

Purpose: Hosts our API server (Elastic Beanstalk, us-east-1 region). Data is transmitted through AWS infrastructure but not stored persistently.

Retention: Transient only — no long-term storage on AWS beyond standard infrastructure logs (retained up to 7 days).

Location: United States (us-east-1)

Atlassian Forge Platform

Purpose: Our plugin runs natively on Atlassian's Forge infrastructure. Atlassian handles authentication, API access tokens, and plugin execution environment.

Retention: Governed by Atlassian's Privacy Policy at atlassian.com/legal/privacy-policy.

Location: Atlassian's infrastructure

5. Website Visitors (sprintguard.ai)

When you visit our website, we do not use tracking cookies, analytics scripts, or third-party advertising pixels. We do not collect any personal data from website visitors beyond what you voluntarily submit.

If you submit your email address via our early access form, it is stored solely to notify you when SprintGuard becomes available. We will not use it for marketing unrelated to SprintGuard, and we will not sell or share it with third parties. You can request removal at any time by emailing info@sprintguard.ai.

6. Security

All data in transit is encrypted via TLS. Our API endpoints are protected by cryptographic verification of Atlassian Forge Invocation Tokens (JWT) — only requests originating from your authenticated Jira instance are accepted. We do not expose admin interfaces publicly.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. Since we operate on a zero data retention principle, the only personal data we may hold is your email address if you joined our early access list.

To exercise any of these rights, contact us at info@sprintguard.ai. We will respond within 30 days.

8. Children's Privacy

SprintGuard is a professional B2B tool intended for use by adults in a workplace context. We do not knowingly collect data from individuals under 18 years of age.

9. Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated via the SprintGuard website or by email to registered users. The date at the top of this page reflects when it was last updated.

10. Contact

For any privacy-related questions or requests, contact us at info@sprintguard.ai.

© 2026 SprintGuard. All rights reserved. Back to home