🔒 DiViM, Inc. Security Statement
Last updated: July 2025
1. Scope
This statement applies to DiViM, Inc., a New York City–based software company founded in 2018, and all its Atlassian Marketplace cloud apps, including Scrum Sprint Planning, Sprint Automation, and Backlog Refinement tools (marketplace.atlassian.com).
2. Security Governance & Compliance
- We comply with Atlassian Marketplace’s minimum Cloud App Security Requirements, including ecosystem-wide vulnerability scanning via EcoScanner.
- We subscribe to Atlassian’s Security Bug Fix Policy, addressing and resolving vulnerabilities within required SLAs based on severity.
- We designate one or more security contacts, registered via Atlassian’s Ecosystem portal (ECOHELP), for receiving vulnerability alerts and coordinating incident responses.
3. Data Handling & Encryption
- All customer data is encrypted in transit using industry-standard TLS.
- Data at rest is encrypted using our cloud provider’s storage encryption.
- We only store and process the customer metadata necessary for app functionality, as disclosed on our Marketplace listing’s Privacy & Security tab.
4. Incident Response
- Security incidents are reported promptly to Atlassian and affected customers via ECOHELP.
- We maintain an incident response plan covering containment, forensic investigation, remediation, and post-incident review.
5. Vulnerability Management
- Our apps participate in the Atlassian Marketplace Bug Bounty Program to proactively identify issues.
- We commit to remediation timelines outlined in Atlassian’s Security Bug Fix Policy (e.g., critical issues within days, moderate ones within weeks).
6. Security Reviews & Testing
- We complete Atlassian’s mandatory Security Questionnaire during app onboarding and update cycles.
- Our apps undergo regular static and dynamic application security testing, and we address vulnerabilities flagged by EcoScanner.
7. Vendor Identity & Legal
- DiViM, Inc. has completed Atlassian’s required KYB (Know Your Business) and KYC (Know Your Customer) verification processes.
- We publish data privacy, bug disclosure, and acceptable use policies on our Marketplace listings.
8. Support & Reliability
- We offer commercial-grade support with a standard SLA (e.g., 24-hour response for Tier 1 tickets, Monday–Friday).
- Security updates and patches are delivered automatically or through customer-approved deployment workflows.
9. Continuous Improvement
- We continuously monitor Atlassian’s evolving security guidance and update our practices accordingly.
- We aim to participate in advanced security programs like Cloud Security Participant and Cloud Fortified to enhance customer trust.
10. Customer Transparency
- Each app lists security and data handling practices in the Privacy & Security tab on the Atlassian Marketplace.
- We encourage all customers to review this tab to understand our security posture.
📌 Summary
DiViM, Inc. meets Atlassian Marketplace’s baseline for security, privacy, and reliability. We proactively test, monitor, and fix issues; comply with bug-fix SLAs; and continuously improve in alignment with Atlassian’s security programs. We are committed to transparency and customer confidence in our Jira Cloud offerings.
Note: This statement is updated periodically to align with Atlassian policy changes and emerging best practices.
Last reviewed: July 2025



