Privacy

We commit to meeting the highest bar for personal data privacy, and support your organization in meeting data privacy obligations around the world.

Atlassian and the GDPR

We invest significant strategic resources in maintaining compliance with the GDPR and we also aim to help our customers comply with the processes and policies outlined. Where applicable, we institute appropriate international data transfer mechanisms by executing Standard Contractual Clauses through our updated Data Processing Addendum.

Data Transfers from Europe to the US

Atlassian adheres to Standard Contractual Clauses as a means to transfer data from the EEA and UK to the US. Please see our Data Protection Addendum, which includes SCCs, here.

Although Privacy Shield has been invalidated, we are still committed to honoring our obligations regarding data protection under its framework.

Your data is our responsibility

Our internal privacy processes and procedures are documented transparently, so you can rest assured your data is handled with the utmost care.

Atlassian Transparency Report

As part of our commitment to earning and maintaining your trust, we publish an annual Transparency Report with information about government requests for data. Atlassian will scrutinize every request for legal validity, and if required to comply, we will respond as narrowly as possible to the specific request.

Guidelines for Law Enforcement

Atlassian’s values underpin our approach to responding to law enforcement requests for customer data. To protect customers’ data privacy and rights, we only provide customer information to law enforcement when we reasonably believe there’s a legal requirement to do so and after comprehensive legal review.

Atlassian’s approach to handling customer data

We’ve developed and implemented comprehensive processes, privacy safeguards, and ongoing training for our teams to ensure we are following industry best practices. Across the organization, our teams are regularly trained and updated on essential privacy and security practices.

Take Control of Your Data

Manage your business’ data privacy

Data is critical to the success of your business. That’s why we are transparent about how we store your company data and where your data is located. We give you the option to completely remove your data from our services, so you can rest assured that your company data is in your control.

Manage your personal data privacy

We provide controls to delete personal information, whether you are an Atlassian account holder or responding to a managed user’s requests to delete personal information. We also empower you with User Profile Visibility Controls, so you can decide what personal information is visible across Atlassian cloud products and public communities, such as the Atlassian Community and the Developer Community.

Decide where your data is located

With the upcoming Enterprise cloud plan we are making data residency management available for Jira Software, Jira Service Management and Confluence Cloud. This will give admins the ability to configure data locally for a subset of their data at rest, such as Jira tickets and Confluence pages.

Keeping up with GDPR Compliance

GDPR compliance is an ongoing effort and we are committed to helping our customers secure personal data and maintain compliance for the long term. Atlassian shares several strategies you can use to keep your company up-to-date with GDPR requirements.

Compliance

Don’t just take us at our word – we encourage you to inspect and verify our security and privacy practices and operations. Our team is constantly working to expand coverage to help organizations meet compliance needs.

Our compliance program

SOC 2

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

We currently offer SOC 2 reports for Jira and Confluence Cloud, Bitbucket Cloud, Trello, Opsgenie, Statuspage, and Jira Align.

Please download the report you want to view:

Jira & Confluence Cloud SOC2 Type II

Bitbucket Cloud SOC2 Type II

Trello SOC2 Type II

Opsgenie SOC2 Type II

Statuspage SOC2 Type II

Atlassian SOC2 Bridge Letter 2020

Jira Align

SOC 3

SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, and confidentiality of a cloud service.

Download SOC3 for:

Jira and Confluence Cloud

Bitbucket Cloud

Trello

Opsgenie

Statuspage

Jira Align

PCI DSS

The Payment Card Industry Data Security Standard is an information security standard for the handling of credit card information.

Download our PCI Attestations of Compliance (AoC) for:

Halp (2020)

Jira, Confluence, Bitbucket and LearnDot (2020)

Opsgenie (2020)

Statuspage (2020)

Trello (2020)

ISO/IEC 27001

ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.

Products included in certification: Jira Cloud, Confluence Cloud, Bitbucket Cloud, Trello, Opsgenie, Jira Align and Statuspage

View certificate

ISO/IEC 27018

ISO 27018 is a code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Products included in certification: Jira Cloud, Confluence Cloud, Bitbucket Cloud, Trello, Opsgenie, Jira Align and Statuspage

View certificate

VPAT

The Voluntary Product Accessibility Template is a document used by providers to self-disclose the accessibility of a particular product.

Learn more

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

View individual status on the FedRAMP Marketplace for the following products:

Vendor Management and Security Assessment Program

Our data centers, co-location, and managed service providers undergo a thorough security assessment as a part of the evaluation process and then undergo regular SOC1, SOC2 and/or ISO/IEC 27001 audits thereafter. In the event these audits have material findings, which present risks to Atlassian or our customers, we work closely with the vendor to track their remediation efforts until the issue has been resolved.

The Atlassian Controls Framework

Our Common Controls Framework is a set of security activities and controls Atlassian implements across our global product and infrastructure teams. To create this framework, we analyzed the requirements of all the certifications that apply to Atlassian customers around the world. This holistic and structured approach to compliance enables us to consistently implement these controls across Atlassian’s products and infrastructure.

Cloud Security Alliance Membership

Atlassian is a member of the Cloud Security Alliance (CSA), a not-for-profit organization whose mission is to promote best practices for security assurance in cloud computing. CSA’s Security, Trust & Assurance Registry (STAR) is a publicly accessible registry that documents industry-verified security controls. We routinely update a Consensus Assessment Initiative (CAI) Questionnaire and make it publicly available to view.

Download our CAI Questionnaire

Risk Management Program

Integrating enterprise risk management throughout an organization improves decision-making in governance, strategy, objective-setting, and day-to-day operations. Atlassian’s risk management program is at the focal point of our Risk and Compliance team and serves as a foundational element of our decision-making process. Our program is modeled after ISO31000-2009 “Risk Management – Principles and Guidelines” and assessments are performed annually as well as on an as-needed basis throughout the year.

Get more visibility into our cloud platform roadmap

We’re committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.

Have more questions about our Compliance program?

Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?