Product Data Flows

All our software connects Jira & Confluence with Microsoft 365. We use nearly the same data flows independent of the hosting option. So Jira Cloud, Jira Server and Jira Data Center roughly works the same, sharing the same data storage and processing guidelines.

Data Storage

We only store content that has been explicitly created by our apps. Most common data we store are:

  • User / instance settings

  • Metadata mappings between Atlassian & Microsoft objects

  • User login tokens retrieved by OAuth login

We do not store Jira content (like Jira issues, comments, etc.) or Microsoft content (like chat content) on our servers. The exact data varies by the used features and can be looked up in the docs of the feature. In some cases, we do store PII and / or OII data, in conformance with the GDPR. We also will be able to provide a DPA (AVV), please reach out via our support channels for a signed copy.

Data Processing

We process data from your Jira, Microsoft 365 as well as our own data in our infrastructure in Frankfurt. Data residency with world-wide locations is coming soon. The following diagram details the data-flow.

Data flow for user interactions

Whenever a user is interacting with one of our features (in Outlook, Teams, Jira or Confluence) we might process data to fulfill the request. Most often this just includes the current context (e.g. issue, page, email, Teams chat) but also includes users email addresses. When possible (technically and security wise), we access Microsoft services from the users browser, instead our servers (Graph API direct access). Examples for these kind of scenarios are:

  • Sending an email from Jira

  • Starting a Microsoft Teams chat from Jira

  • Creating a new Jira issue from Microsoft Teams

Data flow for application triggered changes

Some features are triggered without user interaction like Teams notifications but instead use webhooks to be processed. We limit the amount of data processed to the minimum, by filtering them on Microsoft & Atlassian-side as much as possible. If a feature is disabled, we do not receive corresponding webhooks at all. Examples for this include:

  • A Jira issue is updated and a Teams notification should be sent

  • A task in Microsoft To Do is completed and a Jira issue should change it’s status

Limits on data flow

Whenever we implement a new feature which requires data flowing through our system, we strive to limit this as much as possible. We balance the usability of a feature with the amount of involved data, but we will never crawl all your Microsoft 365 or Atlassian data and / or store private content in our database.

Exceptions

There is an legacy exception for customers using only the Outlook add-in for Jira Server/Data Center that runs locally only. Going forward, with our core focus on integrating with Microsoft 365, new features will require connectivity with our own service.

Â