Atlassian Data Retention Policy
Purpose
The purpose of this document is to define the retention periods for each of the personal data elements or records processed (i.e., collected, used, transmitted, shared, stored, archived) by Atlassian, as governed by the requirements established in the Red Hat Global Records Management Plan and in compliance with the “Data Retention” principle described in the Red Hat Global Privacy Policy.
Scope
The scope of this retention policy is limited to personal data elements or records processed by Atlassian products and does not apply to upstream or downstream systems/services that could process the same personal data elements or records. Data retention periods of the personal data processed by those upstream or downstream systems/services shall be governed by the data retention policies of those respective systems/services.
Policy Statement
Ownership & Responsibilities
All personal data elements or records collected, used, transmitted, shared, stored, archived or otherwise processed by Atlassian products are owned by Portfolio & Delivery (P&D), which is responsible for establishing, maintaining, and enforcing this policy.
Retention Periods
The following personal data elements or records are processed by Atlassian products and shall comply with the following retention periods. These retention periods shall be enforced on any personal data transmitted to third-party vendors or service providers, including various cloud or SaaS providers.
| What | Description / Purpose | Max. Retention Period |
|---|---|---|
| User information personal data including content and comments | Information related to account set up and log in | Retained for the life of the Atlassian subscription; if accounts are deactivated, information remains in the database |
| User-created content | Spaces, projects, issues, pages, blogs, comments | Retained for the life of the Atlassian subscription |
Storage
Maintenance and storage of personal data processed by this service shall be governed by the requirements established in the Red Hat Global Records Management Plan. Any personal data in electronic format should be maintained and stored in a Red Hat-approved repository (or an approved cloud/service provider) in compliance with the Data Encryption & Secure Key Management Guidelines.
Policy Compliance
Compliance Measurement
Compliance with this data retention policy is mandatory. Compliance with this policy is measured through various methods including, but not limited to, reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner.
Non-compliance & Exceptions
Any request to keep records beyond the maximum time period or retention requirements must be justified and approved in writing by the policy owner.