How we handle data privacy
Our privacy program
Atlassians take privacy seriously, and we work together to handle your data responsibly. Our Privacy Program is tailored to meet both legal requirements as well as your needs, through a foundation of:
- Detailed analysis: we commit to carrying out Data Protection Impact Assessments to ensure proper treatment of data, in consultation with regulators where appropriate
- Privacy by design: we integrate privacy by design into our products as described in our Data Processing Addendum
- Regular training: Atlassian staff that access and process Atlassian customer personal data are trained on how to handle it, and are bound to maintain its confidentiality and security
- News and updates: we share updates on developments to global privacy laws on our Data Processing Addendum page
Read more about how we handle your data below.
Security and certifications
Protecting our customers' information and their user's privacy is extremely important to us. We're entrusted with some of our customer's most valuable data, which is why we have built security into every layer of the Atlassian Cloud architecture. Visit the Atlassian Security Practices page to learn more about our approach to security.
We’ve also devoted significant resources towards ensuring our Cloud products are built and designed in accordance with widely accepted standards and certifications. These standards mirror data privacy law requirements and give our customers a transparent framework by which to measure our software development and data management practices. To learn more about our Risk Management Program, current certifications, and commitments for our Cloud products, please see the Compliance page on our Trust Center.
Though rare, data incidents may happen. We will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users. Learn more about our process for handling security incidents here.
Data location
Data hosting location determinations are based on reducing latency and achieving optimal performance for you and your users. Learn more, including about how you can control the location of your data, by visiting Manage your business’s data privacy.
International data transfers
As a company with a global customer base and operations, Atlassian must be able to transfer and access data around the world. We understand and respect the rules for onward transfers of personal data, and offer customers a robust international data transfer framework as a part our Data Processing Addendum. This addendum contains specific provisions to assist customers in their compliance with the GDPR within the EEA and UK as well as applicable US data protection laws, including the California Consumer Privacy Act (CCPA).
To learn more about our Data Processing Addendum, see our Privacy FAQs. For more information on how we transfer and process personal data, see our Privacy Policy.
If you have questions about data transfers or Atlassian’s DPA specific to Europe, please see this page.
Your data and third parties
Whenever we share your data with Atlassian service providers, we remain accountable to you for how its used. We require all service providers to undergo a thorough cross-functional diligence process by subject matter experts in our Security, Privacy, and Risk & Compliance Teams to ensure our customers' personal data receives adequate protection. This process includes a review of the data Atlassian plans to share with the service provider and the associated level of risk, the supplier’s security policies, measures, and third party audits, and whether the supplier has a mature privacy program that respects the rights of data subjects. We provide a list of our sub-processors on our Sub-Processors page (subscribe to our RSS feed so you can stay up-to-date on any changes).
Atlassian won’t share your information absent proper process. We also provide additional information about our policies and procedures for responding to law enforcement or government requests for user data in our Guidelines for Law Enforcement. We also publish an annual Transparency Report with information about government requests for users' data as well as government requests to remove content or suspend accounts.
Your data in our products
We strive to give you specific examples of how we deliver on our commitment to our Privacy Principles, and how we handle the data you entrust to us and our products.
We’re starting by providing you more details around how we use machine learning to deliver intelligent experiences.