Atlassian Privacy Policy

This document is Atlassian's global privacy policy, governing the collection, use, storage, and disclosure of personal information across Atlassian's products and services (including Jira, Confluence, Bitbucket, Jira Service Management, and related cloud offerings), with stated legal bases including contract performance, legitimate interests, consent, and legal obligation depending on jurisdiction. The policy states that Atlassian collects name, email address, telephone number, job title, billing information, device identifiers, IP addresses, browser type, usage data, and content users create or upload within services, and authorizes sharing of this information with third-party service providers, corporate affiliates, resellers and channel partners, and in connection with business transfers. The policy asserts a broad 'legitimate interests' basis for certain marketing and analytics processing, which may require evaluation under GDPR Article 6 where data subjects have not provided explicit consent; the policy also states that Atlassian acts as a data processor with respect to customer data uploaded by enterprise administrators, which has material implications for enterprise customers negotiating data processing agreements. The policy engages GDPR and UK GDPR (covering EEA and UK residents), CCPA and CPRA (covering California residents), and references additional regional frameworks; enforcement authorities include the relevant EU data protection supervisory authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. Material compliance considerations include the adequacy of disclosed cross-border data transfer mechanisms (including Standard Contractual Clauses), the scope of the processor versus controller distinction as applied to different data categories, and the completeness of data subject rights procedures for deletion, access, portability, and objection.