Atlassian collects personal information you directly provide (like your name and email), information generated by your use of their products (like files you upload and messages you send), and information from third-party sources such as data enrichment providers.
This analysis describes what Atlassian's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that content created or uploaded within Atlassian products, including messages and files, is collected as personal information, meaning material you create in Jira or Confluence may be processed under this policy.
Users' names, email addresses, job titles, billing information, device identifiers, IP addresses, usage activity, and content uploaded or created within Atlassian services are all within the stated scope of collection. This includes content shared in Confluence pages, Jira tickets, and similar collaborative workspaces.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Atlassian has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below. We collect information about you when you input it into the Services or otherwise provide it directly to us. We collect content you provide while using the Services. This includes messages you send and receive, files and other content you upload to the Services.— Excerpt from Atlassian's Atlassian Privacy Policy
(1) REGULATORY LANDSCAPE: Collection of content data including messages and files may engage GDPR Article 5 data minimization and purpose limitation principles, as well as CCPA categories for professional and employment-related information when used in a workplace context. The UK ICO and EU supervisory authorities enforce these provisions. (2) GOVERNANCE EXPOSURE: Medium. The breadth of content collection, including files and messages within collaboration tools, creates data mapping obligations for enterprise customers who must account for employee personal data processed within Atlassian environments. This is a standard practice for SaaS collaboration platforms but requires documentation under GDPR Article 30 records of processing. (3) JURISDICTION FLAGS: EU and UK users have heightened exposure given GDPR data minimization requirements. California users retain CCPA rights to know and delete. Organizations in regulated industries (healthcare, financial services) should assess whether content uploaded to Atlassian tools could constitute regulated data (PHI, financial records). (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm that their DPA with Atlassian covers all categories of personal data their employees may upload, including sensitive content. The policy's reference to third-party data enrichment sources for contact information should be flagged in vendor assessments. (5) COMPLIANCE CONSIDERATIONS: Organizations should conduct a data mapping exercise to document what categories of personal data flow into Atlassian products and whether adequate safeguards and legal bases exist for each category.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that content created or uploaded within Atlassian products, including messages and files, is collected as personal information, meaning material you create in Jira or Confluence may be processed under this policy.
Users' names, email addresses, job titles, billing information, device identifiers, IP addresses, usage activity, and content uploaded or created within Atlassian services are all within the stated scope of collection. This includes content shared in Confluence pages, Jira tickets, and similar collaborative workspaces.
ConductAtlas has identified this type of provision across 17 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Atlassian.