Users have the right to request access to, correction of, deletion of, or portability of their personal data held by Atlassian, and can exercise these rights by emailing privacy@atlassian.com or submitting a web form.
This analysis describes what Atlassian's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
The policy discloses specific rights and a contact mechanism, which is relevant because the practical scope of these rights may differ depending on whether the user is a direct consumer or accessing Atlassian through an employer account, where the employer administrator controls data.
Direct Atlassian account holders can contact privacy@atlassian.com or use the online request form to access, correct, delete, or export their personal data. Users accessing Atlassian through an employer may need to direct requests to their employer first, as Atlassian designates the employer as data controller in enterprise contexts.
Atlassian has changed this document before.
"You have the right to request access to personal information we hold about you, to correct or update your personal information, to request deletion of your personal information, and in certain circumstances, to receive personal information in a portable format. You can exercise these rights by contacting us at privacy@atlassian.com or through our online request form."
— Excerpt from Atlassian's Atlassian Privacy Policy
(1) REGULATORY LANDSCAPE: GDPR Articles 15 through 22 and CCPA/CPRA establish data subject rights including access, rectification, erasure, portability, and objection. The policy's disclosure of a contact mechanism for these rights is a baseline requirement under both frameworks. GDPR requires responses within 30 days with a possible 60-day extension; CCPA requires responses within 45 days.

(2) GOVERNANCE EXPOSURE: Low for this specific disclosure. The rights procedure as stated is standard. However, the interaction with the controller/processor distinction creates medium exposure for enterprise contexts where employees may submit rights requests directly to Atlassian that should be directed to their employer.

(3) JURISDICTION FLAGS: EU and UK users have the broadest set of enforceable rights including the right to object to legitimate interests processing and the right to restriction. California residents have distinct rights under CPRA including correction and the right to limit sensitive personal information use.

(4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers acting as controllers should document their internal process for handling employee data subject requests that involve data held within Atlassian systems, including procedures for coordinating deletion requests with Atlassian.

(5) COMPLIANCE CONSIDERATIONS: Organizations should verify that their privacy notices to employees reference the Atlassian relationship and provide a pathway for employees to exercise rights. Atlassian's stated response mechanism should be tested periodically as part of vendor compliance reviews.
ConductAtlas has identified this type of provision across 2 platforms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Atlassian.