Atlassian Enables Default Data Collection to Train AI

Atlassian is changing its data contribution policy so that, starting August 17, 2026, it will use customer metadata and in-app content from Jira, Confluence, and other Atlassian Cloud products to train its AI capabilities, including `Rovo` and `Rovo Dev`. The update applies to about 300,000 customers and implements tiered defaults: lower tiers cannot opt out of metadata collection, while Enterprise plans retain opt-out controls. Atlassian will retain contributed data for up to seven years.

Atlassian has defined two distinct data categories. Metadata covers de-identified signals such as readability and complexity scores, task classifications, semantic similarity metrics, story points, sprint end dates, and Jira Service Management SLA values. In-app data covers user-generated content: page titles and bodies in Confluence, Jira issue titles, descriptions, comments, custom emoji names, custom status names, and workflow names. Atlassian says it will remove direct identifiers, aggregate data, and apply protections before using it for training. The company documents retention and remediation rules: in-app data removed within 30 days after opt-out or deletion, and any models trained on that data will be retrained within 90 days to purge the contribution.

The defaults are explicitly tied to an organization's highest active plan. Free and Standard customers have metadata contribution always on with no opt-out, and in-app data on by default for Free/Standard but configurable. Premium keeps metadata always on and in-app data off by default. Enterprise customers have both off by default and can opt out of metadata. Customers using customer-managed encryption keys, Atlassian Government Cloud, Atlassian Isolated Cloud, or with HIPAA obligations are excluded from contribution entirely.

This policy reverses Atlassian's prior posture, which stated that customer data would not be used to train or improve AI services. The change mirrors a broader industry shift where SaaS vendors harvest internal usage signals and content to bootstrap, fine-tune, or evaluate models, while promising de-identification and aggregated analytics. Practical benefits Atlassian lists include improved search relevance, better summaries, template suggestions, and agentic workflow optimizations. For practitioners, the update matters because it changes data provenance for models used in workplace tooling, and it alters compliance and procurement tradeoffs between price tiers and data control.

The mandatory metadata collection for non-Enterprise customers raises privacy and governance concerns even if identifiers are removed, because telemetry like story points and SLA metrics can reveal project structure and performance patterns. Retaining de-identified data for seven years increases exposure surface over time and places burden on customers that require long-data-retention audits. The documented exclusion paths for high-security customers and those with customer-managed keys are useful, but they require migration to higher-priced plans or specialized deployments.

Organizations should inventory Atlassian tenants and identify the highest active plan per tenant to understand default contributions, update administrative settings during the rollout window, and evaluate whether to migrate to Enterprise or isolated deployments if they require full opt-out. From a product perspective, watch how Atlassian operationalizes 90-day retraining for models and whether downstream LLM vendors used in Rovo claim they do not retain inputs. Expect customer pushback and potential regulatory scrutiny as this pattern spreads across enterprise SaaS vendors.