Third-party agent providers and Bitbucket Agentic Pipelines

It is important to understand how Atlassian handles permissions and your data when you use and enable third-party agents such as Claude (“3P Agents”) within Bitbucket Agentic Pipelines. These 3P Agents are third-party products and Atlassian does not control and has no liability for them. Here’s what this means for you:

Connection to third-party data sources

When end users use these 3P Agents and/or MCPs, they may access data from third‑party data sources that are outside Atlassian’s control.

Data egress and ingress

When using these 3P Agents, your Atlassian data (like the repository information where you are running the agentic step) may be sent to the 3P Agents, and Atlassian may receive data returned from those 3P Agent sources. Your data that egresses from Atlassian is subject to the third-party product provider’s terms, including any commitments they make for data protection, security, and model training.

Atlassian commitments do not apply to third‑party environments

Any data that leaves the Atlassian environment via a 3P Agent is not covered by Atlassian’s Atlassian Customer Agreement commitments, Atlassian’s Privacy Policy or other data handling commitments, while it is processed or stored in those third‑party environments.

Atlassian does not guarantee the security of any 3P Agent. Some 3P Agents may handle sensitive data. You are responsible for reviewing the content produced, provided or hosted by 3P Agents and determining applicable compliance requirements before using them.

Output generated by unsupported modalities

3P Agents may generate responses in modalities that Atlassian products do not currently support (for example, images). Atlassian is not responsible for, and does not control, the content of those outputs, including any content that may be inaccurate, inappropriate, and you are still responsible to ensure that your use of the 3P Agent and any of its outputs do not violate Atlassian’s Acceptable Use Policy.

Acceptable Use Policy compliance

Your users must comply with Atlassian’s Acceptable Use Policy when integrating and using third‑party Agents and data sources via these Agents.

Third‑party terms and responsibility

Any third‑party components, MCPs, or data sources accessed by the Agents are provided and controlled by the applicable third-party product. Your use of those third-party products is subject to the applicable provider’s terms. Examples of how these responsibilities work in practice are set out below.