Atlassian · Atlassian Privacy Policy · View original document ↗

Controller-Processor Distinction for Enterprise Accounts

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Atlassian Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.

This analysis describes what Atlassian's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This distinction allocates data governance responsibilities between Atlassian and its customers according to data protection regulatory frameworks. The provision clarifies that Atlassian's obligations and liabilities differ depending on whether it is processing data for its own purposes or at the direction of a customer acting as controller.

Consumer impact (what this means for users)

For enterprise customers using Atlassian products, this provision establishes that the customer retains control over personal data processing purposes and methods, while Atlassian's processing activities are limited to executing the customer's documented instructions. This allocation affects compliance obligations, liability structures, and data handling procedures between the parties.

How other platforms handle this

Anthropic Medium

This Privacy Policy does not apply where Anthropic acts as a data processor and processes personal data on behalf of commercial customers using Anthropic's Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the ba...

Figma Medium

If you are using our Services pursuant to a separate agreement with Figma that includes data processing terms, such as an enterprise agreement, those terms will govern the processing of personal data to the extent they conflict with this Privacy Policy.

Redfin Medium

We may record any telephone calls between you and our agents or other representatives for training and quality assurance purposes.

See all platforms with this clause type →

Monitoring

Atlassian has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We collect and receive information as a data controller for our own purposes and as a data processor on behalf of our customers. When our customers use our products to process data about their end users and employees, we act as a data processor on their behalf. Our customers, as data controllers, determine the purposes and means of processing personal data in their Atlassian products.

— Excerpt from Atlassian's Atlassian Privacy Policy

Applicable regulations

CCPA/CPRA
California, USA
Colorado AI Act
US-CO
CAN-SPAM
United States Federal
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union

Provision details

Document information
Document
Atlassian Privacy Policy
Entity
Atlassian
Document last updated
May 5, 2026
Tracking information
First tracked
May 8, 2026
Last verified
May 12, 2026
Record ID
CA-P-009242
Document ID
CA-D-00708
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
8a1c5acb713e644f1bae9303aa9bc97bc64e447bd57ce9ec70ff0d9b296b971e
Analysis generated
May 8, 2026 04:39 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Atlassian
Document: Atlassian Privacy Policy
Record ID: CA-P-009242
Captured: 2026-05-08 04:39:00 UTC
SHA-256: 8a1c5acb713e644f…
URL: https://conductatlas.com/platform/atlassian/atlassian-privacy-policy/controller-processor-distinction-for-enterprise-accounts/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Atlassian's Controller-Processor Distinction for Enterprise Accounts clause do?

This distinction allocates data governance responsibilities between Atlassian and its customers according to data protection regulatory frameworks. The provision clarifies that Atlassian's obligations and liabilities differ depending on whether it is processing data for its own purposes or at the direction of a customer acting as controller.

How does this clause affect you?

For enterprise customers using Atlassian products, this provision establishes that the customer retains control over personal data processing purposes and methods, while Atlassian's processing activities are limited to executing the customer's documented instructions. This allocation affects compliance obligations, liability structures, and data handling procedures between the parties.

Is ConductAtlas affiliated with Atlassian?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Atlassian.