Privacy Policy
What this policy covers
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
What information we collect about you
How we use information we collect
How we disclose information we collect
How we store and secure information we collect
How long do we keep information?
How to access and control your information
How we transfer information we collect internationally
The data we gather about you, whether you use our goods or services or communicate with us in any other way, is covered by this privacy statement. This policy also outlines your options on how we use your information, including how to access and amend some information about you and how to object to specific uses of your information. Do not access or use our services or engage with any other part of our business if you disagree with this policy.
What information do we collect about you?
As further explained below, we gather information about you from other sources when you use our services and when you give it to us.
Information you give us
When you enter information about yourself into the Services or give it to us in any way, we gather it.
Information about the account and profile
We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products
The TAF products you use are part of the services, where we gather and save the content you email, post, receive, and share. Any personal information you choose to include is included in this content. The files and links you upload to the services are likewise considered content. We do not host, store, transmit, receive, or collect information about you (including your content) if you use a server or data centre version of the Services, unless your administrator has given permission. We do, however, collect feedback you send us directly through the product and use analytics techniques to collect content that hashes, filters, or otherwise scrubs the information to remove information that could identify you or your organisation. We also collect clickstream data about how you interact with and use features in the services. Administrators of servers and data centres Administrators of servers and data centres can either restrict transmission at the local network level to stop this information from being revealed to us or disable our collection of this information from the Services through the administrator settings.
Content you provide through our websites:
Our websites that we own, or run are likewise included in the services. We also gather additional content that you upload to these websites, such as our social media or social networking sites. For instance, when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities, or events, or when you give us feedback, you are providing us with material.
Information you provide through our support channels
Additionally, the services include our customer support, where you can opt to send information about a service issue you are having. You will be asked for contact details, a description of the issue you are having, and any additional documentation, screenshots, or information that would be useful in fixing the problem, regardless of whether you specify yourself as a technical contact, open a support ticket, speak with one of our representatives directly, or interact with our support team in any other way.
Payment Information
When you sign up for specific premium services, we get invoicing and payment information from you. During the registration process, for instance, we require you to name and contact a billing representative. Additionally, we may get payment information from you, including credit card numbers, which we obtain through secure payment processing partners.
Information we collect automatically when you use the Services
When you use our services, such as when you browse our websites or perform specific actions within the Services, we gather information about you.
Your use of the Services
When you visit and use any of our services, we collect certain information about you. The features you use, the links you click on, the kind, size, and filenames of attachments you submit to the Services, search terms, the Jira Align story progress of your team, and your interactions with other users on the Services are all included in this data. We also gather data about the teams and individuals you work with, as well as how you cooperate and communicate with them most often. We only gather clickstream data about how you use and interact with the Services' features if you use a server or data centre version of the Services. This information is in addition to the content-related data mentioned in "Content you provide through our products," above. Administrators of servers and data centres can either restrict transmission at the local network level to stop this information from being revealed to us or disable our collection of this information from the Services through the administrator settings.
Device and Connection Information
We gather data regarding the devices you use to access the Services, such as your computer, phone, tablet, and others. When you install, access, update, or use our services, this device information includes your connection type and settings. Through your device, we also get data about your operating system, browser type, IP address, device identifiers, referring/exit page URLs, and crash information. To improve your service experience, we approximate your location using your IP address and/or preferred country. The kind and configuration of the device you use to access the Services determines how much of this data we gather. By restricting transmission at the local network level, server and data centre service administrators can stop this information from being revealed to us or disable its collection using the administrator settings.
Cookies and Other Tracking Technologies
Cookies and other tracking technologies (such as web beacons, device identifiers, and pixels) are used by TAF and our third-party partners, including our advertising and analytics partners, to offer functionality and identify you across various services and devices. Please go to our Cookies and Tracking Notice for additional details, including how to manage or disable these tracking technologies and cookies.
Information we receive from other sources
Other service users, third-party services, our affiliated businesses, social media platforms, public databases, and our business and channel partners are some of the sources from which we obtain information about you. This information might be combined with data we gather using the previously mentioned methods. This enables us to find new clients, update and enhance our data, produce more individualised advertising, and recommend services that could be of interest to you.
Other users of the Services
Other users of our services may provide information about you when they submit content through the services. We also receive your email address from other service users when they provide it to invite you to the services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company's account or when they designate you as an administrator.
Other services you link to your account
When you or your administrator connect a third-party service to our services or integrate third-party apps, such as Power-UPs, we get information about you. For instance, to authenticate you, we obtain your name and email address as allowed by your Google profile settings when you register for an account or log in to the Services using your Google credentials. To access, save, disclose, and alter specific content from a third party via our services, you or your administrator may also combine our services with other services you use. For instance, using the Services interface, you can grant our Services permission to access, show, and save files from a third-party document-sharing service. You can also allow our services to sync a contact list or address book or connect to a third-party calendaring service so that you can access your contacts and meetings through the services. This allows you to invite people to work with you on our services or allows your company to restrict access to specific users. In order for your organisation to examine how the Services are being used, your administrator may additionally permit our Services to establish a connection with a third-party reporting provider. When you link or integrate our services with a third-party service, the data we collect is determined by the privacy policy, permissions, and settings that the third-party service controls. To find out what information might be shared with our services or disclosed to us, you should always review the privacy settings and notices of these third-party services.
Third Party Providers
Physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), IP addresses, and social media profiles are just a few of the details we might get about you from publicly accessible sources (such as social media platforms) and third-party providers of business information. We might use this information for profiling, sending you personalised communications, promoting events, and advertising products that might be of interest to you.
How we use information we collect
The services you use, how you use them, and any preferences you have shared with us all influence how we use the data we gather. The particular uses of the data we gather about you are listed below.
To provide the Services and personalize your experience
In order to provide you with the Services, we utilise information about you to process transactions, authenticate you when you log in, offer customer service, and run, maintain, and enhance the Services. For instance, we identify you to other service users using the name and photo you enter in your account. Additionally, by automatically analysing your team's activities to provide search results, activity feeds, notifications, connections, and recommendations that are most relevant for you and your team, our services include customised features that improve productivity, personalise your experience, and help you collaborate with others more effectively. For instance, we might provide search results that we believe are pertinent to your job function based on your indicated job title and activity. Additionally, we use your personal information to link you with other team members who are looking for your subject matter expertise. To tailor the information and experience you get on our websites, we might utilise your email domain to deduce that you are associated with a specific company or sector. When you use various services, we aggregate data about you and your activities to give you an integrated experience. For example, we may show you pertinent product information while you navigate our websites or let you locate information from one service while searching from another. We will customise your experience, as well as our communications and offers, based on how you engage with various Atlassian products and advertisements. Please get in touch with privacy@taf.com to opt out of this personalisation.
For research and development
We are constantly searching for methods to improve the intelligence, speed, security, integration, and utility of our services. To troubleshoot, identify trends, usage, activity patterns, and areas for integration, as well as to improve our services and create new products, features, and technologies that benefit our users and the public, we use data and collective learnings (including feedback) about how people use our services. To enhance the @mention feature, for instance, we automatically examine recent user interactions and the frequency with which users @mention one another to present the most pertinent relationships to users. To increase the precision and applicability of the suggested subjects that appear when you use the search tool, we automatically evaluate and compile search phrases. We occasionally utilise these insights to enhance and provide comparable features across our services, better integrate the services you use, or give you insights based on how other people use our services. Before making a new feature available to everyone, we also test and evaluate it with a small group of people.
To communicate with you about the Services
Through email and within the Services, we use your contact information to send transactional communications, such as confirming your purchases, reminding you when your subscription expires, answering your queries, comments, and requests, offering customer support, and sending you technical notices, updates, security alerts, and administrative messages. When you or others engage with you on the Services, such as when you are added to a Trello board, when you are @mentioned on a page or ticket, or when you are given a task, we notify you via email. If you are on-call for incident alerts in Opsgenie, we may call you or send you SMS notifications, depending on the method of contact you have selected. Additionally, we send you customised messages according to your interactions and activities with us. For instance, a feature or third-party app recommendation that might facilitate that work may be automatically triggered by specific activities you perform inside the Services. As you onboard to a certain service, we also send you emails to help you learn how to use that service more effectively. Generally speaking, you are unable to opt out of these communications since they are an integral element of the services. If there is an opt-out option, it will be in your account settings or in the communication itself.
To market, promote and drive engagement with the Services
Through email and the placement of Atlassian advertisements on other businesses' websites and applications, we use your contact details and information about how you use the Services to send promotional communications that could be of particular interest to you. These messages, which include newsletters, events we believe you might find interesting, survey requests, and information about new features, are intended to increase engagement and maximise the benefits of the Services. They may be based on audits of interactions (such as counting ad impressions). We also keep you informed about contests, promotions, new services, and product offers. You can choose not to receive these messages by following the instructions under "Opt-out of communications."
Customer support
We use your information to fix technical problems you run into, answer your help requests, examine crash data, and fix and enhance the services. We share information with a third-party expert when you specifically authorise us to do so in order to address support-related inquiries.
For safety and security
To verify accounts and activity, to identify, stop, and handle possible or real security problems, and to keep an eye out for and defend against other malicious, dishonest, fraudulent, or unlawful behaviour, including infractions of service policies, we use information about you and how you use our services.
To protect our legitimate business interests and legal rights
We use information about you in connection with legal claims, compliance, regulatory, and audit functions, as well as disclosures related to the purchase, merger, or sale of a business, where mandated by law or where we think it's necessary to safeguard our legal rights, interests, and those of others.
With your consent
If you have granted us permission to do so, we use your information for a purpose not specified above. For instance, with your consent, we might publish client endorsements or highlighted customer tales to advertise the services.
Legal bases for processing (for EEA users)
If you are an individual living in the European Economic Area (EEA), we will only gather and use your personal data when permitted by applicable EU regulations. The services you use and how you use them determine the legal bases. This indicates that we only gather and utilise your information where:
To operate the services, offer customer service and customised features, and safeguard the services' safety and security, we require it.
It fulfils a legitimate interest (that isn't superseded by your data protection interests), like safeguarding our legal rights and interests, marketing and promoting the Services, or conducting research and development;
You authorise us to do so for a certain reason; or
In order to fulfil a legal need, we must process your data.
You have the right to withdraw your consent at any time if you have given us permission to use your information for a particular purpose, but this will not impact any processing that has already occurred. You have the right to object to the use of your information when we or a third party (such as your employer) have a legitimate reason to do so, albeit in certain situations this may mean discontinuing your use of the Services.
How we disclose information we collect
We want the collaborative tools we provide to be effective for you. This entails sharing information with specific third parties and via the services. We share the data we gather about you in the manner listed below, including when it comes to potential business transfers. Please be aware that under some US state laws, data you provide about yourself, your devices, and your behaviour that is gathered using third-party cookies, pixels, tags, or other tracking technologies for cross-context behavioural advertising purposes may be deemed a "sale" or "share." However, Atlassian does not sell personal information for money, nor is it a data broker.
Disclosing to other Service users
We share specific information about you with other Service users when you use the Services.
For collaboration
Depending on the settings you or your administrator (if applicable) choose, you can produce content that may contain personal information and allow others to view, disclose, modify, copy, and download that content. When you disclose or interact with certain content, some of the services' collaboration features show other service users' part or all of your profile information. From inside the services or by getting in touch with the appropriate administrator, you can verify if specific service properties are accessible to the general public.
Managed accounts and administrators
The administrator of that organisation and other Service users sharing the same domain may be able to access certain information about you, such as your name, profile picture, contact details, content, and previous account usage, if you register or access the Services using an email address associated with a domain owned by your employer or organisation, or if you link that email address to your current account. In order to facilitate service-related requests, we may share your contact information with current or former Service users if you are an administrator for a certain site or user group within the Services.
How we transfer information we collect internationally
We gather information all over the world, and in order to provide you with the Services, we may move, process, and store it outside of your home country, to any location where we or our third-party service providers operate. We take precautions to protect your information whenever we transfer it.
Data Privacy Framework Notice
On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force.
When collecting, using, and retaining personal data that is transferred from the European Union and Switzerland to the United States, TAF, Inc. and its U.S. subsidiaries follow the Data Privacy Framework Principles. According to the U.S. Department of Commerce, TAF conforms with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, TAF has certified to the U.S. Department of Commerce that it complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles). Regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF, TAF has certified to the U.S. Department of Commerce that it complies with the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles). The EU-US DPF Principles and/or the Swiss-US DPF Principles will take precedence over the terms of this privacy statement in the event of a conflict. Please go to the Data Privacy Framework Program website here to find out more about the program. Look for "TAF" in the Data Privacy Framework List to see TAF certifications.
According to the principles, if we receive information under the Data Privacy Framework and then give it to a third-party service provider who acts as our agent, we may be held liable under the framework if the agent handles the information in a way that violates the framework and we are held accountable for the incident that results in the damage.
If you have any complaints about the Data Privacy Framework or general privacy, we encourage you to get in touch with us using the information below. Please contact our U.S.-based third-party dispute resolution service (free of charge) if you have an unresolved privacy or data use concern that we have not adequately handled. In connection with unresolved complaints (as further detailed in the Data Privacy Framework Principles), we have also agreed to cooperate and abide by the information and counsel given by an informal panel of data protection authorities in the European Economic Area and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) through this third-party dispute resolution provider. For unresolved concerns, you can also get in touch with your local data protection authority in the European Economic Area or Switzerland, if relevant.
