Privacy Policy

Last updated: April 10, 2026

1. About This Policy

This Privacy Policy describes how SprintCap ("we", "us", or "our"), available at sprintcap.info, collects, uses, and protects your personal information. It applies to all users of the Service, including Scrum Masters who connect a squad to Atlassian Jira. For questions or requests, contact us at fseguerra1@gmail.com.

2. Information We Collect

Via Google Sign-In:

  • Full name — displayed in the application to personalise your session.
  • Email address — used as a unique account identifier. We do not send emails to this address.
  • Profile picture URL — displayed as your avatar in the sidebar.

Automatically collected:

  • Session cookie — a secure, HTTP-only cookie that maintains your authenticated session. It contains no personal information.

Via Jira integration (optional — only when a Scrum Master connects a squad to Jira):

When you authorise SprintCap to connect to your Atlassian Jira account via OAuth 2.0, we access and store the following data from your Jira project:

  • Issue title — displayed as the ticket name in SprintCap.
  • Issue type — e.g. Story, Bug, Task.
  • Original estimate — the time estimate set in Jira, imported as the SprintCap ticket estimate.
  • Jira issue reference — e.g. PROJ-123, used to link back to Jira.
  • Sprint name — the Jira sprint the issue belongs to.
  • Assignee display name — used to match the Jira assignee to a SprintCap squad member by name.
  • Atlassian Cloud URL and project key — to identify which Jira instance and project are connected.
  • OAuth access and refresh tokens — encrypted at rest using AES-256-GCM and stored per squad. Used to access Jira on your behalf.

We do not access or store: issue descriptions, comments, attachments, watchers, work logs, issue links, custom fields, or any data outside the connected project.

We do not collect browsing history, device identifiers, IP addresses, or location data.

3. How We Use Your Information

Your personal information is used exclusively for the following purposes:

  • Authentication: to verify your identity and create a secure session.
  • Data isolation: to ensure your squads, sprints, and capacity data are visible only to authorised users.
  • Personalisation: to display your name and avatar within the application.
  • Jira import: to retrieve sprint issues from your connected Jira project and populate SprintCap's backlog on your request.
  • Jira sync: to refresh ticket data from Jira when you trigger a sync.

We do not use your information for any purpose beyond what is listed above.

4. What We Will Never Do

  • Send you promotional emails, newsletters, or any unsolicited commercial messages.
  • Sell, rent, trade, or transfer your personal information or Jira data to third parties for commercial purposes.
  • Access your Jira data outside of explicit import or sync actions you initiate.
  • Access Jira projects or issues beyond the project you have connected to your squad.
  • Profile you, build a behavioural database, or use your data for advertising or analytics.
  • Share your data with advertisers or data brokers.

5. Third-Party Service Providers

To operate the Service, we rely on the following trusted third-party processors. Each is bound by its own privacy policy and applicable data protection law:

Google LLC

OAuth 2.0 identity provider — handles the sign-in flow. See policies.google.com/privacy.

Atlassian Pty Ltd

Optional Jira integration — when a squad is connected, SprintCap accesses your Jira project on your behalf using OAuth 2.0 tokens. Atlassian processes the authorisation flow and serves issue data. See atlassian.com/legal/privacy-policy.

Vercel Inc.

Web hosting and serverless function provider. See vercel.com/legal/privacy-policy.

Neon Technologies Inc.

Serverless PostgreSQL database hosting. Your application data — including encrypted Jira OAuth tokens — is stored on Neon servers. See neon.tech/privacy.

We do not authorise any of these providers to use your personal information for their own marketing purposes.

6. Data Retention

Your personal information (name, email, profile picture) is retained for as long as your account remains active. Application data (squads, sprints, tickets, capacity records) is retained indefinitely to preserve your planning history, unless you request deletion.

Jira connection data: OAuth tokens and Jira connection settings are retained for as long as the squad remains connected to Jira. They are permanently deleted when you disconnect Jira from a squad, or when the squad is deleted. Imported ticket data (title, estimate, Jira reference) persists as part of the sprint record unless you delete the sprint or request full account deletion.

Upon a verified deletion request, we will remove your personal information and all associated application data from our systems within 30 days.

7. Security

We take reasonable precautions to protect your personal information:

  • All data is transmitted over HTTPS (TLS encryption).
  • We do not store passwords. Authentication is delegated entirely to Google OAuth.
  • Session tokens are stored in secure, HTTP-only cookies.
  • Jira OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before database storage. The encryption key is never stored in the database.
  • Database access is restricted and managed by Neon's infrastructure security controls.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

You have the following rights regarding your personal information held by SprintCap:

  • Right of Access: You may request a summary of the personal information we hold about you.
  • Right of Correction: If your information is inaccurate, you may request a correction.
  • Right of Deletion: You may request that your account and all associated personal information be deleted within 30 days.
  • Right to Disconnect Jira: You may disconnect your squad's Jira connection at any time from the Team section. This immediately deletes your OAuth tokens from our systems.
  • Right to Withdraw Consent: You may withdraw consent at any time by ceasing to use the Service and submitting a deletion request.

To exercise any of these rights, email fseguerra1@gmail.com with the subject line "Privacy Request". We will respond within 30 calendar days.

9. Children's Privacy

SprintCap is intended for professional use by adults. The Service is not directed at persons under the age of 13. If you believe a child has provided us with personal information, please contact us at fseguerra1@gmail.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last updated" date at the top of this page will be revised. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy.

11. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal information — including access, correction, deletion, and Jira data removal requests — please contact:

fseguerra1@gmail.com

We aim to respond to all privacy requests within 30 calendar days.