Close

Transparency Report

As part of Atlassian’s commitment to earning and maintaining our customers’ trust, we have begun publishing an annual Transparency Report with information about government requests for users’ data as well as government requests to remove content or suspend user accounts.


Atlassian responds to government requests in accordance with our Privacy Policy, Customer Agreement, Acceptable Use Policy, and any applicable Service-Specific Terms.  We also provide additional information about our policies and procedures for responding to requests for user data in our Guidelines for Law Enforcement.  In responding to any government request (whether a request for user data or a request to remove content/suspend user accounts), Atlassian follows these guiding principles:

Requesting parties should first attempt to obtain the information directly from the customer or user(s) at issue.  If the requesting party comes to Atlassian for user data, unless prohibited by law, we will notify the customer (so that customer has an opportunity to challenge the legal process) in accordance with our user notice policy.
Atlassian will scrutinize every request for legal validity, and if required to comply by disclosing user data, we will respond in accordance with applicable law (including the federal Stored Communications Act), and will respond as narrowly as possible to the specific request.
Atlassian will continue to advocate for reforms that allow us to provide more transparency to our customers.

Period for Transparency Report is January 1 through December 31 for the applicable year

US Government Requests for User Data

Year
Requests Received
Accounts Targeted in Requests Received
2017 13 88
2016 1 2
2015 4 19

 

Note: The 2017 report includes requests for Trello user data. Reports prior to 2017 do not include requests for Trello user data.

 

Atlassian’s Response to Requests Received

Year
Response
Number of Requests
Number of Accounts Where Data Disclosed
2017       Produced non-content user data 8 4
Objected 0 0
No responsive data 1 0
2016       Produced non-content user data 0 1
Objected 0 0
No responsive data 0 0
2015       Produced non-content user data 2 4
Objected 1 0
No responsive data 1 0

 

 

US Government Requests for Account Removal/Content Takedown

Year
Requests Received
Accounts Targeted in Requests Received
2017 0 0
2016 0 0
2015 1 3

 

 

Atlassian’s Response to Requests Received

Year
Response
Number of Requests
Number of Accounts Affected
2017

Blocked public access
to user account

0 0
2016 0 0
2015 1 3

 

 

International Government Requests for User Data

Year
Requests Received
Accounts Targeted in Requests Received
2017 1 1
2016 1 1
2015 NA NA

 

 

Atlassian’s Response to Requests Received

Year
Response
Number of Requests
Number of Accounts Where Data Disclosed
2017       Produced non-content user data 0 0
Objected 1 0
No responsive data 0 0
2016       Produced non-content user data 1 0
Objected 0 0
No responsive data 0 0
2015       Produced non-content user data NA NA
Objected NA NA
No responsive data NA NA

 

GLOSSARY

  • “Accounts affected” reflects the total number of user accounts for which Atlassian disclosed user data or suspended.
  • “Accounts targeted” reflects the total number of accounts that were subjects of the total number of legal requests (for example, a single subpoena could request information about two user accounts).
  • “Non-content user data” is subscriber information, such as the name and email address provided when you register for an account, billing information (if applicable), and IP addresses.  This does not include any user-generated content, such as profile pictures or files uploaded by users and stored on Atlassian’s servers.
  • “No responsive data” reflects that Atlassian properly responded to a valid legal request, but did not have any responsive records to disclose to law enforcement.
  • “Number of requests” reflects the number of times that Atlassian received legal process requesting either user data or account suspension.
  •  “Objected” means that Atlassian received a legal request but did not disclose any user data because we believed the request was not legally valid.