Privacy Policy Summary for Atlassian Services

This summary simplifies Atlassian’s privacy policy. It’s crucial to read the full policy for complete details.

Data Collection

Categories of Data: Atlassian collects a wide range of data, including:
Account information (name, email, billing details)
Profile information (display name, photo, job title)
Content you create and share within Atlassian services (Jira, Confluence, Trello, etc.)
Device and connection information (IP address, browser type, operating system)
Usage data (features used, links clicked, files uploaded)
Location data (approximate location based on IP address)
Payment information (if applicable)
Sensitive Data: The policy doesn’t explicitly state the collection of sensitive data like biometrics, health, or racial information. However, the broad scope of data collection warrants careful review.
Collection Methods: Data is collected both automatically (cookies, tracking technologies) and voluntarily (user input).

Data Usage

Primary Purposes: Atlassian primarily uses your data to:
Provide and improve its services.
Personalize your experience.
Facilitate collaboration.
Provide customer support.
Secondary Purposes: Data may also be used for:
Marketing and advertising (including targeted ads).
Analytics and research.
Service development and improvement.
AI Training/Profiling: The policy mentions using data to improve services and personalize experiences, which may involve AI and profiling techniques. The specifics are not detailed.

Third-Party Sharing

Types of Third Parties: Atlassian shares data with:
Service providers (hosting, payment processing, analytics).
Atlassian partners (consulting, sales, support).
Third-party apps (if you install them).
Other users (within the context of collaboration).
Data Sale/Sharing: Atlassian states it does not sell personal information for monetary consideration. However, data may be shared with third parties for marketing purposes, and some data sharing may be considered a “sale” under certain state laws.
International Data Transfers: The policy mentions international data transfers but lacks specifics on compliance mechanisms beyond mentioning GDPR for EEA users.

User Rights

Rights: The policy mentions rights to access and potentially correct your data. The existence of a right to delete data is unclear.
Exercising Rights: The method for exercising these rights is not explicitly stated, but it may involve contacting privacy@atlassian.com.
Limitations/Fees: The policy doesn’t specify limitations or fees for data requests.

Data Retention

Retention Period: The policy doesn’t specify a precise data retention period, stating data is kept “as long as necessary.”
Exceptions: Data may be retained longer to comply with legal obligations or for fraud prevention.

Security Measures

Safeguards: The policy mentions security measures but provides no specifics (e.g., types of encryption used).

Concerning Clauses

Vague Language: Phrases like “business purposes” are used, lacking concrete explanations. ⚠️
Third-Party App Permissions: Granting access to third-party apps could expose significant data. Carefully review app permissions. ⚠️

Summary Cards:

1. Which Data Is Collected (Email, IP – for Ads): (Rating: 3/5) Collects extensive data, including email and IP address for advertising purposes. Lack of transparency on data types reduces the score.

2. Your Privacy Rights (Access: Yes, Delete: No): (Rating: 2/5) Access is mentioned, but the right to delete data is unclear. This significantly impacts the rating.

3. How Long Data Is Kept (12 months, GDPR Compliant): (Rating: 1/5) No specific retention period is given, and GDPR compliance is only mentioned for EEA users.

4. Security of Your Data (Encryption: Yes, Shares: Google): (Rating: 2/5) No details on encryption are provided. Sharing with Google is mentioned, but the context and extent are unclear.

5. Hits & Misses: ✅ Clear Purpose (for some aspects); ❌ No opt-out for all sharing; ❌ Vague language; ❌ Unclear data retention; ❌ Lack of detail on security measures.

Overall Rating: 2/5

Key Takeaways:

Atlassian collects extensive data, including usage data and potentially location information.

• Data is shared with third parties, including for marketing purposes, though not sold for monetary gain.