We currently use Confluence in our organisation for storage of wiki and comments in our IT group.

We are assessing using BitBucket for source control in preparation for potentially moving to JIRA for our backlog management.

We have some security questions which focus on your employment checks for employees that have access to the data held in BitBucket. this is particularly important for us as we are dealing with source code.

Could you tell us:
1. What employment checks you complete on employees and sub contractors with access to the data?
2. What are restrictions of data being copied off the system?
3. Are there any scenarios where you expect to see or have seen data copied off bit bucket?
4. What are consequences for employees who tamper, leak or maliciously impair systems?

I apologize for these questions but until we can get these answered there will be no way we could use Bit Bucket in the cloud (i know we could use on premise but I do not want to hassle of provisioning and maintaining hardware.

I could not find any documentation in your security area that would help me answer these so i thought I would approach directly.