Atlassian Enables Default Data Collection to Train AI

April 20, 2026
aisecurityprivacybusiness
A vibrant, close-up photo of various vintage postage stamps from around the world, featuring diverse designs.
Photo by Tolga deniz Aran on Pexels

What changed

It has been reported that Atlassian will begin collecting customer metadata and in‑app content from Jira, Confluence and other Atlassian Cloud products by default starting August 17, 2026. The data will be used to train its AI offerings, including Rovo and Rovo Dev. Roughly 300,000 customers are affected. Metadata collection will be mandatory on Free, Standard and Premium tiers, Enterprise tenants keep more controls, and Atlassian says contributed data may be retained for up to seven years.

What they’ll collect — and how they say they’ll protect it

Atlassian draws a line between “metadata” (de‑identified signals such as readability scores, story points, sprint dates, semantic similarity metrics, SLA values) and “in‑app data” (user content like page titles, issue descriptions, comments, custom emoji and workflow names). The company says it will remove direct identifiers, aggregate signals and apply protections before model training. It has been reported that in‑app content removed or opted out will be purged within 30 days, and any models trained on that data will be retrained within 90 days to excise the contribution.

Tiered defaults and exclusions

Defaults follow an organization’s highest active plan: Free and Standard have metadata always on (in‑app data on by default but configurable), Premium keeps metadata on but in‑app off by default, and Enterprise plans have both off by default with opt‑outs available for metadata. Customers using customer‑managed keys, Atlassian Government Cloud, Isolated Cloud, or those with HIPAA obligations are excluded from the program entirely. Nice — if you can afford it.

Why this matters

It has been reported that this marks a reversal of Atlassian’s earlier stance that customer data wouldn’t be used to train AI. This mirrors a wider SaaS trend: vendors harvesting internal signals to bootstrap and fine‑tune models while promising de‑identification. The upside is real — better search, smarter summaries, helpful templates, faster agent workflows. The downside is thornier: mandatory telemetry can leak organizational patterns, seven‑year retention lengthens exposure, and a 90‑day retrain window leaves a gap. Who wins? Customers on tight budgets get smarter tools; customers who prize control and compliance may have to pay for the privilege. Time to read the fine print — and maybe ask procurement some hard questions.

Sources: letsdatascience.com, Hacker News