What is the difference between "metadata" and "in-app data"?

Atlassian distinguishes between "metadata" and "in-app data" based on the nature of the information and how it is utilized to refine platform performance and AI features. Both categories are de-identified and aggregated before being used to improve services for all customers.

What is Atlassian Rovo AI?

Atlassian Rovo is an AI-powered product designed to connect, analyze, and act on organizational knowledge across the Atlassian Cloud ecosystem and integrated third-party tools. Built upon Atlassian Intelligence and a proprietary "teamwork graph," it acts as an AI-driven assistant that helps teams reduce context switching and improve productivity.

Is Atlassian Isolated Cloud GDPR-compliant?

Yes, Atlassian Isolated Cloud is GDPR-compliant, building on Atlassian's established GDPR framework for its cloud offerings. It enhances compliance through single-tenant isolation and customer-selected regions in the EU or elsewhere, minimizing data transfer risks.

What is Atlassian Government Cloud?

Atlassian Government Cloud is a specialized, secure cloud platform tailored for U.S. government agencies, contractors, and partners needing high compliance standards.It delivers core Atlassian tools like Jira, Confluence, and Jira Service Management in a FedRAMP Moderate-authorized environment with U.S.-only data residency on AWS us-east-1 (with us-west-2 redundancy).

Data security

Atlassian changes its AI data collection policy

5/7/2026

7 minutes

Róbert Kováčik

Atlassian has announced changes to how it will use customer metadata and in-app data from 17 August 2026. Alongside this, new in-app settings have been rolling out since 16 April 2026. What could this mean for your organisation? Read on!

Table of contents

Atlassian’s 2026 data collection policy update
Atlassian data collection timeline
Checklist for Atlassian cloud admins
What exactly is changing on August 17, 2026?
The hidden cost of Free, Standard, and Premium Atlassian plans
Easy8 Private WorkOps platform: No training on your data
Keep AI and automation under your control

TL;DR

Atlassian's update for 2026 introduces mandatory metadata sharing and optional in-app data use for AI training. This update is prompting organisations to review their governance and privacy policies, as well as their overall AI strategy, before 17 August. Review your settings, align stakeholders and explore alternatives if you require stricter control over your data.

Atlassian’s 2026 data collection policy update

Starting August 17, 2026, Atlassian is updating its data contribution policies to utilize customer metadata and in-app data to enhance AI experiences across its platform. To ensure user privacy, all contributed information will be rigorously de-identified and aggregated before being used to train and improve these tools for all customers.

While the company is introducing new administrative settings to manage in-app data sharing, metadata contribution will remain mandatory for organizations on Free, Standard, and Premium plans.

Atlassian states that it de-identifies and aggregates data before using it, restricts team access, and respects data residency; it also notes that the change does not affect its support for GDPR compliance and that it does not sell data.

According to Atlassian, the motivation is straightforward: by learning from richer and more diverse customer data and usage patterns, it aims to deliver enhanced AI capabilities that benefit all customers across its platform.

But now is the moment to ask the following questions:

Who holds the cross-functional authority to define our data boundaries?
What specific data are we comfortable sharing, and how do we technically enforce that?
How does this decision fit into our overarching AI strategy?

Atlassian data collection timeline

The upcoming changes regarding Atlassian's data contribution policy is following:

April 16, 2026 (Rollout begined): Atlassian begins gradually rolling out the new data contribution settings in Atlassian Administration, allowing admins to start reviewing their preferences.
May 19, 2026 (Rollout completed): The new data contribution settings are fully available for all organizations. Admins have a 90-day window from this point to consult stakeholders and finalize their data sharing preferences.
August 17, 2026 (Changes take effect): The updated customer terms and new AI data usage policies officially go into effect, utilizing data in accordance with the settings chosen by each organization.

Checklist for Atlassian cloud admins

Atlassian admins should urgently review the 2026 data policy changes, especially mandatory metadata sharing and new AI data controls, and align with stakeholders on data governance and AI strategy before August 17, 2026.

Here is what you should review and act on:

Log into Atlassian Administration and check your data contribution settings
Confirm your current plan tier and understand your opt-out rights
Inform your DPO or legal team before 19 May
If you are on Premium or a lower tier, assess whether metadata sharing fits your industry requirements
Consider whether a private deployment better supports your data governance policy

What exactly is changing on August 17, 2026?

For some Atlassian customers, this introduces a new layer of internal complexity. Teams suddenly find themselves asking practical questions: who needs to approve this, how should it be configured, and what exactly is included in the scope?

Uncertainty often grows further when additional factors come into play, such as existing tools like Rovo and connectors, ongoing trials, or specific requirements around AI usage and data privacy.

In practice, this affects two main types of data:

Metadata: includes readability scores, complexity ratings for Confluence pages, task classifications, semantic similarity scores, and numeric fields like story points in Jira or SLA targets in Jira Service Management. theregister
In-app data: content such as titles and body text of Confluence pages, titles, descriptions, and comments on Jira work items, and custom workflow names.

Atlassian states that any data used for analysis is first de-identified and aggregated. This means personal details, such as names and email addresses, are removed before the data is processed. The company also confirms that it does not sell this information.

The hidden cost of Free, Standard, and Premium Atlassian plans

This point of view is often overlooked: the 'hidden costs' of Atlassian's Free, Standard and Premium plans show how mandatory metadata sharing and limited opt-out options increase governance and compliance overheads.

Consider how these impacts extend beyond technical configuration to affect legal, privacy and organisational decision-making for affected customers.

The Register has a valuable point: "Unless a customer pays for the most expensive enterprise license, or the law forbids it, Atlassian will collect their data. Metadata contribution cannot be fully opted out of on Free, Standard, or Premium plans."

Customer segment	Practical impact	Key compliance & governance challenges
Free / Standard Cloud	High	Metadata is permanently contributed; in-app data contribution is ON by default and requires active opt-out management.
Premium Cloud	Medium	In-app data contribution is OFF by default, but metadata contribution remains ON with no opt-out option available.
Enterprise Cloud	Medium	Can opt-out of metadata contribution, but this requires active governance, oversight, and internal justification.
Rovo + Teamwork Graph connectors	High	Expanded data scope involves more stakeholders; raises additional compliance and privacy questions regarding connected external data sources.
Cloud Migration Trial	Medium to high	Trials inherit the settings of the highest active plan; creates a high risk of governance confusion during the migration process.
Data Center-only customers	Low	This specific cloud data contribution change does not affect them.
Government / CMK / BYOK / Isolated / HIPAA	Low to medium	These environments are frequently excluded from data contribution, making this specific pain point less severe.
EDU / Universities	Medium	Not automatically excluded; often triggers sensitive internal privacy debates, especially given their generally lower dedicated security capacity.

Atlassian explicitly acknowledges that data contributed from one application may be used to improve another application in its portfolio; at the same time, data contributions also affect certain Teamwork Graph connectors, particularly some Synced and Synced Lite connectors.

Regarding Direct connectors, Atlassian states that it does not store the data but accesses it in real time via the API.

On the other hand, there is a discussion going on on The Hacker News about Atlassian’s implementation of default data collection for AI training and the subsequent user criticism regarding privacy and consent.

Easy8 Private WorkOps platform: No training on your data

Taking all the above-mentioned points into consideration, you might be searching for some Jira alternatives. Easy8 can be seen as the player that raises the question: “What if there were AI without sharing your operational data into a cross-customer improvement loop?"

Easy8 is designed as a private WorkOps platform, available on private cloud or on-premises deployments. In these environments, Easy8 does not access customer content at all, as there is no centralised cloud collecting or processing data. It also does not use customer data to train AI models.

Clear governance defines how knowledge, workflows, logs, connectors and permissions are handled, so you can expect:

Private by architecture: Deploy Easy8 on-premises or in a controlled EU Sovereign Cloud to keep full control over your data and ensure compliance with strict security standards.
AI with governance: Set clear boundaries for how knowledge, workflows, logs, connectors and permissions operate, so your AI and automation always stay under control.
WorkOps (not just work management): Go beyond task tracking by combining delivery, automation, support, knowledge and compliance into one unified WorkOps framework.
For data-sensitive teams: Designed for defence, critical infrastructure, enterprise operations and software teams that require a higher level of control, security and data protection.

For organisations operating in regulated industries or under strict data sovereignty requirements, this architectural approach makes a clear and important difference.

Keep AI and automation under your control

Atlassian is updating its data practices so that customer metadata (depending on your plan, in-app content from Jira and Confluence) can be used to train and improve AI features across all customers, not just your own organisation.

The change takes effect on 17 August 2026. Settings are rolling out from 16 April and must be in place by 19 May 2026. Metadata contribution is locked on for Free, Standard, and Premium plan customers with no opt-out.

In-app data can be turned off by any admin, and Enterprise customers can opt out of both. EU-based and compliance-heavy organisations should review their settings and consult their DPO before the May deadline.

If you want to be absolutely certain about what happens to your data and ensure that AI does not share your usage data as part of a cross-customer improvement cycle, start looking for alternatives (like Easy8).

Start your Easy8 trial and take control of how your data is used across AI and automation. Define what types of data can be shared, decide who is responsible and configure everything at the level of your organisation, applications, spaces and connectors.

Use the trial to align internal communication with both users and leadership, and ensure your setup fits your company’s AI strategy from day one. Or request a migration pilot to validate everything in your real environment before full rollout.

Jira AI

Róbert Kováčik

Quality Assurance

Róbert, quality guru and Head of QA at Easy8 has been with the company since its early stages and knows every nook and cranny of our software. He is responsible for quality management and overseeing the release of new versions.

With a rigorous approach to testing and a commitment to continuous improvement, he leads our QA team in delivering an excellent user experience and maintaining the highest performance and security standards. Róbert is a member of Mensa Czech Republic and an enthusiast of skiing and mountains.

Frequently asked questions

News

3 minutes read

Tired of Jira? Test Easy8 as safe way for Jira migration

When teams move away from Jira, especially with Data Center reaching end of life, they are not looking to start from scratch. They need a reliable transition. Easy8 offers a unified platform that builds on what you already use, while removing limitations and connecting the full project lifecycle. Curious how the transition can work for you? Keep reading!

Project management

11 minutes read

Top 5 open source Jira alternatives

Jira’s rising costs, forced cloud shift, and clunky performance are pushing more teams to ask a simple question: isn’t there a better way to run projects? In this guide, we’ll walk through five open-source Jira alternatives that give you predictable pricing, on-premises options, and the flexibility to model complex workflows.