How we handle data privacy
Our privacy program
Atlassians take privacy seriously, and we work together to handle your data responsibly. Our Privacy Program is tailored to meet both legal requirements as well as your needs, through a foundation of:
- Privacy by design: we integrate privacy by design into our products as described in our Privacy Principles.
- Transparency: you can find all the information you need on how Atlassian safeguards your privacy by visiting our Legal information page. Here you’ll find our Privacy Policy, Data Processing Addendum, Security Measures, Sub-processor List, and more.
- Regular training: Atlassian staff that access and process customer personal data are trained on how to handle it, and are bound to maintain its confidentiality and security.
Read more about how we handle your data below.
Security and certifications
Protecting our customers' information and their user's privacy is extremely important to us. We're entrusted with some of our customer's most valuable data, which is why we have built security into every layer of the Atlassian Cloud architecture. Visit the Atlassian Security Practices page to learn more about our approach to security.
We’ve also devoted significant resources towards ensuring our Cloud products are built and designed in accordance with widely accepted standards and certifications. These standards mirror data privacy law requirements and give our customers a transparent framework by which to measure our software development and data management practices. To learn more about our Risk Management Program, current certifications, and commitments for our Cloud products, please see the Compliance page on our Trust Center.
Data location
Data hosting location determinations are based on reducing latency and achieving optimal performance for you and your users. Learn more, including about how you can control the location of your data, by visiting Manage your business’s data privacy.
International data transfers
As a company with a global customer base and operations, Atlassian must be able to transfer and access data around the world. We understand and respect the rules for onward transfers of personal data, and offer customers a robust international data transfer framework as a part our Data Processing Addendum.
We also publish our Data Transfer Impact Assessment to assist customers in conducting a risk assessment for the transfer of personal data in connection with Atlassian’s provision of its services (including Cloud products and the Forge platform).
Your data and third parties
Whenever we share your data with Atlassian service providers, we remain accountable to you for how it is used. We require all service providers to undergo a thorough cross-functional diligence process to ensure our customers' personal data receives adequate protection. This process includes a review of the data Atlassian plans to share with the service provider and the associated level of risk, the supplier’s security policies, measures, and third party audits, and whether the supplier has a mature privacy program that respects the rights of data subjects. We provide a list of our sub-processors on our Sub-Processors page (subscribe to our Legal Updates here to stay up-to-date on any changes).
Atlassian won’t share your information absent proper process. We provide additional information about our policies and procedures for responding to law enforcement or government requests for user data in our Guidelines for Law Enforcement. We also publish an annual Transparency Report with information about government requests for users' data as well as government requests to remove content or suspend accounts.