• Documentation
Products
Documentation
Resources
Atlassian Support
/
Rovo
/
Resources
/
Get to know Rovo
/
What is Rovo?

Rovo data, privacy and usage guidelines

It is important to understand how Rovo and Atlassian handle permissions and your data.

As with any generative AI product, experiences and quality can vary and be dependent on a number of things including the knowledge sources provided, the user's access, and the probabilistic nature of LLMs (large language models).

Interoperation with third-party products

Rovo includes features that are designed to interoperate with third-party products. For example, you may connect third-party products to Rovo using connectors.

Connecting Rovo with third-party products may give third parties access to information you choose to use in connection with their products, and your use of third-party products and information you share may be governed by their terms and policies, including their privacy policies. For example, if you use an Agent purchased by your organization from Atlassian Marketplace, your use of that Agent is subject to the third-party’s terms and policies.

For more detail, see “Third Party Services” in Atlassian’s Privacy Policy.

Permissions

Rovo synchronises with access controls and permission settings from connected third-party products and your Atlassian products. This helps ensure that users only see content they have access to.

Because Rovo relies on these permissions you have set, before connecting a third-party product you should check and remind users to check the permissions set up for that product.

For example, if you connect Google Drive to Rovo, users need to log in and connect their Atlassian account to Google Drive to see any Google Drive results in Rovo. Once authorized, users will be able to see public documents and private documents that they already had access to.

We ‘listen’ for permission changes, and update the Rovo index with changes. More about permissions

Deleted data

We ‘listen’ for content deletion, and update the Rovo index with changes. For example, once the Rovo index is updated, content that’s deleted from a connected third-party product will not appear in Rovo results. In the case of Figma, links to deleted content may still show up in Search Results. However, if a user clicks on a link to deleted content, it will appear broken. See How Rovo shows Figma results for more information.

If an organization admin disconnects a third-party product from Rovo, we will delete the content we've indexed from the third-party product within 30 days. However, deletion for GitHub content works differently. Because your GitHub data is integrated through the GitHub for Jira app, data is deleted only if you disconnect GitHub from Rovo and uninstall the Github for Jira app. See how to disconnect GitHub from Rovo for more information.

Data usage

We index the entire workspace of the third-party product you connect (for example, the entire Google Drive or the SharePoint workspace). Currently, you can’t refine the scope of the index any further (such as choosing to only index specific folders in Google Drive) but this is something we might consider in the future.

To provide Rovo, we store the content for each file found in a third-party product and associated usage data. We also store permissions settings about the file to ensure that we only show content that users have access to.

We use this data to serve your Atlassian features, such as Rovo Search.

We may also use it for troubleshooting and debugging, or to solve support queries you or your team raise with us.

Browser extension

If users have access to install the Rovo browser extension on a device, they can use Rovo Chat and Agents on any public webpage (e.g. Wikipedia) or on any webpage that is connected to Rovo via a connector (e.g. if you connect Rovo to SharePoint, and view a Word doc in your browser, you can ask a Rovo Chat to summarize that Word doc).

The extension also reads, but does not store the contents of private Google docs for the purpose of providing access to definitions in your browser. The content of the document is only sent to Atlassian to detect words that can be defined, and is not stored or sent to any third-party models such as OpenAI.

For more information about the extension, see Rovo browser extension.

Data residency

At this time, Rovo doesn’t support data residency. We have plans to support it in the future.

Security/Compliance certifications

Although many of the systems and services used by Atlassian Intelligence and Rovo hold these certifications and adhere to the same internal policies and standards, these features themselves have not completed external assessments for SOC2 or ISO certification. We aim to have these features added to our standard audit certification reporting cycle before the end of the year.

HIPAA

At this time Rovo is not HIPAA compliant and our Business Associate Agreement (BAA) does not cover this feature. If you are required to comply with HIPAA, we recommend that you do not turn these features on until we have expanded our coverage to include it.

Large Language Models (LLMs)

Rovo uses OpenAI LLMs and open-source, self-hosted LLMs, such as Llama3, Mixtral, and Phi-3.

The LLM providers we use do not use your inputs and outputs to improve their services. Neither OpenAI nor any other LLM provider retains your inputs and outputs.

For more information on models and data use, see our Trust Center.

Usage guidelines

As always, remember to abide by the Acceptable Use Policy when using Rovo, including when using Rovo Chat and when you create custom Agents.

Read more about how we use your data at the Atlassian Intelligence trust centre, and in our responsible technology principles.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageInteroperation with third-party productsPermissionsDeleted dataData usageBrowser extensionData residencySecurity/Compliance certificationsHIPAALarge Language Models (LLMs)Usage guidelines
CommunityQuestions, discussions, and articles