Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Atlassian's privacy policy, covering how the company collects and uses personal information across its products including Jira, Confluence, and Bitbucket. Atlassian states it collects identifiers, usage data, device information, billing details, and content you create or upload, and may share this with service providers, affiliates, resellers, and in the event of a corporate transaction such as a merger or acquisition. You can submit requests to access, correct, delete, or export your personal data by visiting Atlassian's privacy request page at https://www.atlassian.com/legal/privacy-policy#your-rights.
This document is Atlassian's global privacy policy, governing the collection, use, storage, and disclosure of personal information across Atlassian's products and services (including Jira, Confluence, Bitbucket, Jira Service Management, and related cloud offerings), with stated legal bases including contract performance, legitimate interests, consent, and legal obligation depending on jurisdiction. The policy states that Atlassian collects name, email address, telephone number, job title, billing information, device identifiers, IP addresses, browser type, usage data, and content users create or upload within services, and authorizes sharing of this information with third-party service providers, corporate affiliates, resellers and channel partners, and in connection with business transfers. The policy asserts a broad 'legitimate interests' basis for certain marketing and analytics processing, which may require evaluation under GDPR Article 6 where data subjects have not provided explicit consent; the policy also states that Atlassian acts as a data processor with respect to customer data uploaded by enterprise administrators, which has material implications for enterprise customers negotiating data processing agreements. The policy engages GDPR and UK GDPR (covering EEA and UK residents), CCPA and CPRA (covering California residents), and references additional regional frameworks; enforcement authorities include the relevant EU data protection supervisory authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. Material compliance considerations include the adequacy of disclosed cross-border data transfer mechanisms (including Standard Contractual Clauses), the scope of the processor versus controller distinction as applied to different data categories, and the completeness of data subject rights procedures for deletion, access, portability, and objection.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Atlassian has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Administrator Control Over User Data and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.