Atlassian - Security Statement

Last statement update: 22 August 2023.

Atlassian Connect Apps

This section applies to our Apps based on the Atlassian Connect framework

Apps

Apps

Embedders:

  • Microsoft Power BI

  • Microsoft Forms

  • Microsoft Stream

  • Google Forms

  • Google Docs

  • Google Sheets

  • Google Slides

  • Lottie, Lottiefiles for Jira and Confluence

  • Instagram

  • Tik Tok

  • Adobe Cloud

Context for Confluence

Icons for Confluence

Replio for Jira

Data

Overview

We never store any Confluence data on our servers. All settings are stored inside Confluence using the page metadata API.

Embedders, Icons for Confluence

Our embedders and the app Icons for Confluence process all data on the client-side (in an end user's internet browser).

Replio, Context

When you interact with the apps named Replio and Context, your requests (and some Jira / Confluence data) may temporarily pass through our servers. All data passes through security protocols that guarantee secrecy and data encryption (HTTPS/TLS 1.2+). Under no circumstances do we store these data.

Audit and usage logs

When you use our apps, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bug resolution and customer support assistance.

Availability and system resilience

All our configuration data are subject to regular backups. We back up at least once a day. Our backups are securely stored and protected from unauthorised access.

We use separate environments for development and production operations. The environments use separate data and configurations. Access to production environments is tightly controlled. Deployment of the apps in the production environment is managed through automated systems (CI/CD).

Data location

We process app requests in Europe. Any information available via Atlassian REST API might be temporarily processed to render certain functions of the apps.

Our apps can be hosted on:

  • Azure Cloud (North Europe region)

  • Hetzner Cloud (Germany region)

We use Cloudflare's CDN network to serve, protect and optimize worldwide traffic. All data exchanged between the end-user and our apps traverses Cloudflare's global network before being processed by our servers.

Replio advanced features

Our Replio app uses some advanced features hosted by Google Cloud (Global region)

Data Security

Atlassian is responsible for protecting your data in the Atlassian Confluence Cloud. For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian Connect, refer to Atlassian's Connect FAQ.

Users can only access the apps using time-limited JSON web tokens generated by Atlassian specifically for the app.

Atlassian Forge Apps

This section applies to our Apps based on the Atlassian Forge framework

Apps

Apps

Hubspot Connector for Jira

Hubspot Connector for Confluence

Embedders:

  • Microsoft Power Apps for Jira

  • Microsoft Power Apps for Confluence

Overview

Forge Apps are hosted and processed in the Atlassian Cloud environment. We never store any Confluence or Hubspot data.

For information on how Atlassian protects your data, see the Atlassian Trust page. For technical details about Atlassian forge security, refer to the Forge Security page: https://developer.atlassian.com/platform/forge/security/.

Privacy

Our apps are fully compliant with European GDPR. You can read more on our Privacy Policy.

Managing Security Vulnerabilities

Our apps are subject to the Atlassian Security Programs and adhere to all requirements Atlassian imposes on incident management.

Our infrastructure is constantly monitored by the Atlassian Vulnerability Scanning Program EcoScanner.

Security vulnerabilities, when found, get the highest priority and are fixed based on the required Security Bug Fix Policy For Marketplace Apps.

Development and Support Team

Our development and support team is located in Italy.
Suggestions, reports or requests for clarification are always welcome. For further details, please open a ticket.