Data residency for Isolated Cloud
This page explains how data residency for the Atlassian Isolated Cloud differs from Commercial Cloud data residency. It is intended for administrators and auditors of enterprise-scale organizations who require comprehensive data residency controls.
Overview of data residency in the Isolated Cloud
In the Isolated Cloud, data residency is an inherent architectural property rather than a configurable setting. While data residency for Commercial Cloud allows you to "pin" in scope app data at rest to specific regions, the Isolated Cloud provides a dedicated boundary to the customer control plane where all UGC and personal data is stored.
The primary difference is the breadth of in-scope data: the Isolated Cloud ensures that almost all UGC and personal data (including data in transit) remains within the physical boundaries of the region where the instance was provisioned.
Differences at a glance
Feature | Commercial Cloud data residency | Isolated Cloud data residency |
|---|---|---|
Scope | All app data, including data at rest and in transit, with limited exceptions. | |
Configuration | No setup required beyond choosing a desired region | |
Mobility | Can migrate between supported regions | Fixed to the region of creation |
Isolation | Multi-tenant from different customers with logical isolation | All tenants in an Isolated Cloud instance are also logically isolated from each other, but they all belong to a single customer. |
See Understand data residency for information about how data residency works for standard (multi-tenant) cloud customers.
How it works
This section describes the key features of Isolated Cloud data residency:
Inherent regional pinning
When an Isolated Cloud instance is created, it is provisioned in a specific region. All app data for Jira and Confluence is automatically pinned to that region from the moment of creation. Because this is a fundamental part of the Isolated Cloud architecture, data residency isn't something you "enable"—it is built into the environment.
Data in transit
In Commercial Cloud plans, data residency coverage typically only extends to in-scope data that is stored at rest for more than 30 days. In the Isolated Cloud, the boundary extends to data in transit. This means that as users interact with Jira or Confluence, their data remains within the physical and logical boundaries of the designated region.
User-generated content (UGC) isolation
Almost all user-generated content (UGC) is contained within the Isolated Cloud boundary. This includes (but is not limited to) Jira issue descriptions, Confluence page content, and attachments.
However, UGC may also transit or be accessed by Atlassian staff for support purposes with customer consent, or as necessary for major incident resolution. See Access and shared services in Atlassian Isolated Cloud for more information on when this applies.
In-scope Atlassian app data
In the standard multi-tenant Atlassian Cloud, certain data types (such as user account information and other organization-level data) are classified as out-of-scope and stored globally. See Understand data residency for a complete list of what is in scope (can be pinned) and out of scope (can’t be pinned) in the standard Atlassian Cloud.
Isolated Cloud is a self-consistent boundary that contains all services handling UGC and personal data, both at rest and in transit. Since it is deployed to a single region today, customer data is pinned to that region.
Information for auditors
For compliance and auditing purposes, the Isolated Cloud provides a single-tenant-like experience within Atlassian’s infrastructure.
Data residency: The environment is physically and logically restricted to the chosen region.
Disaster recovery: In a disaster recovery scenario, the Isolated Cloud maintains its residency commitments. All backup and recovery processes occur within the same geographic realm.
Regional availability: Isolated Cloud data residency is pinned to the region of creation. Currently, customers cannot specify different residency requirements for specific types of data or applications within a single instance; rather, the customer’s entire Isolated Cloud instance (spanning all sites and organisations within it) is bound to the provisioned region.
Was this helpful?