Data managed with encryption | Atlassian Support
  • Documentation

Data managed with encryption

Who can do this?
Role: Organization admin
Atlassian Cloud: See https://www.atlassian.com/platform/infrastructure/cmk for details
Atlassian Government Cloud: Not available

App data types in-scope and not in-scope

Once you set up your Customer-managed keys (CMK) or Bring your own key (BYOK) encryption, certain Atlassian cloud apps will encrypt in-scope data types with keys hosted in your external AWS account. Data that is not in-scope is encrypted with Atlassian managed keys.

Apps not yet listed as supported remain accessible (with the exception of Rovo) to BYOK and CMK customers, who are expected to conduct risk assessments based on their business context before enabling them.

The list of supported apps is continuously expanding, and this page is regularly updated.

The following table lists the app data types based on:

✅ Data that is in-scope

Data not in-scope (lower sensitivity or transient)

Jira Family

We currently support encryption for Jira and Jira Service Management. However, as the Jira family of apps share the same database, some of the data encrypted for Jira and Jira Service Management extends to Jira Product Discovery on the same site. Otherwise, we don't support encryption for Jira Product Discovery.
What is the Jira family of apps?

✅ All attachments

✅ Asset data (Jira Service Management)

✅ Board and sprint data

✅ Comments

✅ In-app notification data

✅ Jira work item and field content (including system and custom fields)

✅ Jira search data

✅ Link related work

✅ Overview name

✅ Permissions and restriction configuration data

✅ Rovo Search*

Data not in-scope (lower sensitivity or transient):

  • App analytics

  • Attachment metadata

  • Connected DevOps data:
    Commits, Branches, Pull requests, Builds, Deployments, Feature flags, and Remote links

  • Project configuration data:
    Workflows, Custom field configuration, and Board configuration

  • Suggest sub-items

*No additional data that is in-scope for CMK is created by Rovo Search. In-scope Jira and Confluence data ingested by Rovo Search remains supported by CMK.

Jira Service Management Operations

✅ Alerts, escalations, and teams:
Alert, Alert attachment, Alert note, Alert log, Saved search, Alert policy, Escalation, Maintenance, Responder name, Team, Team log, Platform team, Team routing rules, Notification preference, Central notification setting, and Heartbeat

✅ Chat:
Chat channel, and Chat conversation

✅ Incident:
Incident, Incident saved search, Incident alert policy register, Incident response role, Incident template saved search, Incident service, Incident service saved search, Incident service problem, Incident service problem comment, Incident service problem alert setting, Incident external service, Incident external service relation, Incident status page entry, Incident stakeholder notification email template, Incident stakeholder notification info, Incident log, Incident note, Incident timeline entry, and Stakeholder updates

✅ Integrations:
Integration, Integration action, Integration action group, Integration new framework, Integration alias mapping

✅ JEC (Jira Edge Connector) channel name

✅ Rovo Search*

✅ Schedule:
Schedule, Schedule on-call events, Schedule deleted rotation metadata, and Deleted schedule

✅ User and team roles:
User, Deleted user, User saved search, User role, Customer account log, Customer tags, and Customer onboarding

Data not in-scope (lower sensitivity or transient):

  • Alerts, escalations, and teams:
    Alert alias, Alert messages, Alert tags, Policy name, Escalation name, Customer team role name, Heartbeat name, Alert saved search name, and Forwarding alias

  • Incident:
    Incident messages: Tags, and Incident saved search name

    Incident response role name lowercase

    Incident service saved search name

    Incident external service name

  • Integration name

  • Schedule:
    Schedule name, and Override alias

  • Service name

*No additional data that is in-scope for CMK is created by Rovo Search. In-scope Jira and Confluence data ingested by Rovo Search remains supported by CMK.

Confluence

✅ AI summaries

✅ Attachments

✅ Blog content

✅ Comments

✅ Confluence questions

✅ Databases

✅ In-app notification data

✅ Page content

✅ Permission and restriction configuration data

✅ Rovo Search*

✅ Search data

✅ Whiteboards

Data not in-scope (lower sensitivity or transient):

  • App analytics

  • Attachments metadata

  • Page and blog URL

  • Link Confluence content

*No additional data that is in-scope for CMK is created by Rovo Search. In-scope Jira and Confluence data ingested by Rovo Search remains supported by CMK.

Atlassian Analytics

✅ Data from BYOK or CMK-enabled apps queried from the Atlassian Data Lake and data shares

✅ Dashboards (including dashboard titles, settings except URL slugs, content elements, images, variables, subscription configurations, and activity logs)

✅ Charts (including chart titles, settings, annotations, queries, and other Visual SQL steps)

✅ Comments (for charts and dashboards)

✅ Data source schemas

Data not in-scope (lower sensitivity or transient):

  • Dashboard URL slugs

  • Data source settings (including display names)

  • Data source change histories

  • Query logs (for charts and data sources)

Rovo

Data not in-scope (lower sensitivity or transient):

Rovo is not initially available for BYOK/CMK customers until it supports the use of customers' encryption keys. However, if desired, BYOK/CMK customers can request activation of Rovo in its current form (encrypted with Atlassian-managed keys) through their account teams.

Atlassian Administration

Data not in-scope (lower sensitivity or transient):

  • Audit log events (user-created activity settings in audit log can hide data created by users)

  • All other features

All apps

Data not in-scope (lower sensitivity or transient):

  • Atlassian marketplace app data

  • Cached content (up to 30 days)

  • Data in transit (up to 30 days)

  • Team profile information data

  • Third-party app integration data

  • User account information data

  • User analytics

App data definitions

Term

Definition

Asset data

All schemas, object types, and objects stored within Assets in Jira Service Management.

Atlassian Marketplace and app data

Data from Connect apps that may be stored outside of the Atlassian cloud environment by a third-party app vendor.

Attachment metadata

File names.

Attachments

Files attached or added to Jira, Jira Service Management, or Confluence issues, pages, asset object, or other content.

Audit log

Logs generated by admin actions.

Cached content

Content stored in a non-specified region for up to 30 days with the purpose of:

  • Progressive content migration to a nominated location

  • Temporary storage of transactional content, such as emails and notifications, until delivery has been confirmed or abandoned.

  • Temporary storage of query results and rendered charts for dashboards in Atlassian Analytics

Confluence Questions

Confluence embedded add-on feature for Q&A, including following data

  • CQ primary data being question title

  • question content

  • answer content

  • answer/question comments

Confluence search data

Data stored in Elasticsearch to enable Confluence search functions. While not yet in scope, the data is purged when BYOK customers initiate revocation of access to encryption keys.

Connected DevOps data

Data related to the Jira DevOps experience including:

  • commits

  • branches

  • pull Requests

  • builds

  • deployments

  • feature flags

  • remote links

Customer accounts

User data in your customer accounts for Jira Service Management projects. 

Data in transit

Data being processed or moved across, and not stored, by Atlassian store.

Incident management functionality data

The data used in functionality for the incident management feature powered by Opsgenie.

In-app notification data

Data related to Jira, Jira Service Management, and Confluence in-appnotifications.

Jira Service Management features powered by Opsgenie

All features accessed through the Opsgenie URL. Some of these features are displayed in the Jira Service Management app screen.

Knowledge base category data

Categories for the Jira Service Management knowledge base, including description and configuration displayed in the portal when integrated with Confluence.

Operational logs

Atlassian system logs used for operational maintenance and diagnostic purposes.

Overview

Jira overviews are collections of projects that help you get a high-level and aggregated view of work spanning multiple business projects.

Page metadata

The data used to describe a Confluence space for the purpose of search indexing.

Permission and restriction configuration data

Data related to the configuration of app or site access permissions or restrictions.

App analytics

Events fired by our cloud apps for in-app user experience optimization and performance.

App data at rest

Data added directly by a user, that has persisted for 30 days or longer in our cloud data stores.

App logs

Logs generated by Jira and Confluence app changes related to content and configuration.

Rovo Chat

Rovo Chat is an AI assistant that operates across the entire Atlassian organization, assisting users with questions and tasks within the Atlassian ecosystem. It includes chat history, chat name, customer created chat agents with their names and descriptions.

Rovo Search

Rovo Search allows you to quickly find what you’re looking for. Rovo Search combines results from your Atlassian apps (like Jira and Confluence) with results from other tools you connect.

SLA configuration data

Service Level Agreement text field names, time metric configuration, calendar configuration, and JQL queries for SLA Goal configurations.

Source data for notifications in emails

Data in an email with notification details. For example, an email that contains issue names and comments.

Team profile information data

Data related to your Atlassian team profile, including:

  • name, description, or header image

  • all team links information and activity

Third-party app integration data

Data from any app integrated with Jira, Jira Service Management, or Confluence. For example, a Github integration.

User account information data

Personal account information including:

  • name

  • email address

  • avatar

User analytics

Events fired by our cloud apps to help understand experiences based on how a user interacts with apps.



Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageApp data types in-scope and not in-scopeJira FamilyJira Service Management OperationsConfluenceAtlassian AnalyticsRovoAtlassian AdministrationAll appsApp data definitions
CommunityQuestions, discussions, and articles