SprintHelm
Security

Enterprise-grade security. Zero compromise on your backlog data.

Your backlog contains your roadmap, your priorities, and your competitive strategy. We treat it accordingly.

Encryption

  • TLS 1.3 in transit — all data between your browser and SprintHelm servers is encrypted
  • AES-256 at rest — stored simulation history and workspace data encrypted at the block level
  • Keys managed via AWS KMS with automatic annual rotation

Authentication & Access

  • OAuth 2.0 — sign in with Google or email/password
  • SSO / SAML 2.0 available on Enterprise
  • Role-based access control (admin / member) on Team and Enterprise
  • Session tokens are short-lived and rotated on every sign-in

Data Handling

  • Free and Pro: backlog data is processed in-memory and not persisted — cleared when your session ends
  • Team and Enterprise: simulation history stored in encrypted workspaces (EU-West-1 by default)
  • Enterprise: alternative data residency regions available on request
  • We never use your backlog or ticket data to train any AI model

Compliance

  • GDPR-compliant data processing for all EU users
  • SOC 2 Type II report available to Enterprise customers under NDA
  • Data Processing Agreement (DPA) available — contact enterprise@sprinthelm.com
  • Audit logs available on Enterprise for compliance review

Payments

  • All payment processing handled by Stripe — we never store or handle card data
  • PCI DSS compliance managed entirely by Stripe
  • Billing emails are the only payment-related data SprintHelm retains

Need a security review?

Security questionnaires, DPAs, SOC 2 reports, and custom compliance reviews are available for enterprise prospects.

Contact enterprise@sprinthelm.com