Care about security? We do too. Learn what Atlassian does and what you can do too.
Need to test security settings? Learn how with authentication policies.
Eager to configure? Read on about single sign-on.
Manage password policies for users? Set up two-step verification and idle session duration.
Stay on top of data across your organization with all the reports and tracking options we offer.
Learn about where your cloud product data is hosted and the types of data you can move.
Control how users and apps access your Atlassian cloud products.
Use classification levels to identify and categorize sensitive information in your organization.
Set up and manage BYOK encryption to add protection for your sensitive data.
Set up and manage data security policies to secure your organization’s data.
BYOK encryption for Jira Software is available to all customers with Enterprise plans.
BYOK encryption for Confluence is available through an early access program (EAP) to a number of customers with Enterprise plans. If you're interested in participating in the EAP reach out to your Enterprise account representative.
Product data types in scope and not in scope
Once you set up your BYOK encryption, certain product data is encrypted with keys hosted in your external AWS account.
The following table lists the product data types that are currently supported, as well as the product data types that aren’t supported.
✅ Currently supported
❌ Not supported
Confluence (EAP customers)
Product data definitions
Third-party asset data stored in the asset platform used to synchronize with Jira functionality.
Atlassian Access is a subscription that you purchase for your whole company. It enables visibility and security across all Atlassian accounts and products, and gives you one place to manage your users and enforce security. Learn more about Atlassian Access
Atlassian Marketplace and app data
Data from Connect apps that may be stored outside of the Atlassian cloud environment by a third-party app vendor.
Files attached or added to Jira Software, Jira Service Management, Jira Work Management, or Confluence issues, pages, or other content.
Logs generated by admin actions.
Content stored in a non-specified region for up to 30 days with the purpose of:
Connected DevOps data
Data related to the Jira DevOps experience including:
User data in your customer accounts for Jira Service Management projects.
Data in transit
Data being processed or moved across, and not stored, by Atlassian store.
Incident management functionality data
The data used in functionality for the incident management feature powered by Opsgenie.
In-product notification data
Data related to Jira Software, Jira Service Management, Jira Work Management, and Confluence in-product notifications.
Jira Service Management features powered by Opsgenie
All features accessed through the Opsgenie URL. Some of these features are displayed in the Jira Service Management product screen.
Knowledge base category data
Categories for the Jira Service Management knowledge base, including description and configuration displayed in the portal when integrated with Confluence.
Atlassian system logs used for operational maintenance and diagnostic purposes.
The data used to describe a Confluence space for the purpose of search indexing.
Permission and restriction configuration data
Data related to the configuration of product or site access permissions or restrictions.
Events fired by our cloud products for in-product user experience optimization and performance.
Product data at rest
Data added directly by a user, that has persisted for 30 days or longer in our cloud data stores.
Logs generated by Jira Software and Confluence product changes related to content and configuration.
SLA configuration data
Service Level Agreement text field names, time metric configuration, calendar configuration, and JQL queries for SLA Goal configurations.
Source data for notifications in emails
Data in an email with notification details. For example, an email that contains issue names and comments.
Team profile information data
Data related to your Atlassian team profile, including:
Third-party product integration data
Data from any product integrated with Jira Software, Jira Service Management, Jira Work Management or Confluence. For example, a Github integration.
User account information data
Personal account information including:
Events fired by our cloud products to help understand experiences based on how a user interacts with products.
Was this helpful?