Access and shared services in Atlassian Isolated Cloud

Atlassian uses its own control plane to create, run, and maintain customer data. This control plane is composed of Atlassian services that reside in their own secure infrastructure outside the isolated environment.

As a result, Atlassian may process Isolated Cloud customer data outside the isolated environment. Whenever this occurs, it is only to support critical business operations required of all customers. Below is a list of high-level categories of such operations:

• Support: Customer‑initiated interactions such as support tickets (for incident resolution or debugging purposes) or webforms (for example, when you visit and submit contact details or describe a problem). This content may include customer data, which can be processed outside the isolated environment.

• Identity and account/org management: Limited identity and organization data (for example, account names, admin contacts, organization or site identifiers) used to power account‑switch experiences, entitlement checks, domain claims, and org/site lifecycle operations for Atlassian Isolated Cloud tenants.

• Billing and administration of the business relationship: Information used to handle billing, contracts, and account administration (for example, billing contacts, subscription details) so Atlassian can operate commercial and compliance processes consistently across Atlassian Cloud and Atlassian Isolated Cloud.

• Observability and operational telemetry: Metrics, logs, and operational signals used to monitor reliability and performance (for example, availability SLOs and error rates). These telemetry pipelines are designed so that payload attributes and metric metadata do not include raw customer personal data or UGC, in line with the IC data egress exemptions.

• Orchestration and provisioning: Tenant, org, site, and workspace identifiers used to provision, rename, route, and manage Atlassian Isolated Cloud environments. For example, using the shared control plane for org creation, site renaming, automated traffic routing, migration planning all require specific identifiers.

• Encryption and key management (BYOK): Encryption policy information, admin contact details, and tenant identifiers used to configure and operate Bring Your Own Key and related encryption controls for eligible Atlassian Isolated Cloud tenants.

• Ecosystem: Data necessary for deploying and managing installed apps (built by both Atlassian and partners) on your sites. This includes identifiers for the app and the site/org it’s installed on and limited contexts about user-triggered app actions.

• Analytics & experimentation: Aggregated usage data used to understand how products are used and to run experiments that improve them.

• Anti-abuse: Signals used to detect, prevent, and respond to security incidents, fraud, and abuse. These include logs and signals for suspicious/failed sign-in attempts, rate limits, or spam-like activity.

• Infrastructure operations (beyond provisioning): Data used to operate, monitor, and maintain the cloud infrastructure that runs your products. These include data relevant for patching, sharding, PaaS deployment, disaster recovery, and cost/capacity management.

• Corporate/internal services: Data used by Atlassian’s internal business systems to manage customer relationships, subscriptions, and compliance obligations. This includes high-level customer account identifiers (for CRM systems), subscription data required for accounting, information required for regulatory compliance, and account-level engagement indicators.