Cloud: Atlassian internal logging and customer data

Dom Bush
Contributor
March 22, 2022

A customer who is migrating to Cloud is asking for confirmation that Personally Identifiable Information (PII) and user data (e.g. issue titles, summary, attachment filenames, project names, etc.) are not stored in Atlassian's internal log files.

After searching the documentation, I have been unable to find anything that states this explicitly.

2 answers

2 votes
Answer accepted
Bill Marriott
Atlassian Team
March 23, 2022

Hi @Dom Bush - 

Due to the ability for customer admins to define their own fields in Jira or content in Confluence, we cannot absolutely rule out logging of PII. However, if we realize that some fields do contain PII, we strip them from logging. We also:

  1. Restrict access to logs generally;
  2. Check if the (schema-defined) automatically tainted fields are correct for your service;
  3. Determine a list of fields in your logs that can be tainted (contain UGC/PII) or are always clean (don't contain UGC/PII);
  4. Determine if individual fields need exceptions from the above generic lists at the event level (`ugc_dirty` and `ugc_clean` tags on the fields), and remove from logs;
  5. Treat any PII in logs as a Security Incident.

As Andreas mentioned above, we retain logs for 30 days in hot storage, and 365 in cold storage, after which logs are automatically deleted. For more information, see: https://www.atlassian.com/trust/security/security-practices#making-use-of-logs 

Hope that helps.

-Bill Marriott

Atlassian Trust & Security
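
A sketch of the field-tainting scheme in steps 2 to 4 of the answer above, as an added example that is not part of the original answer and is not Atlassian's code. The field lists, the `scrub_event` and `is_tainted` helpers, the fail-closed handling of unlisted fields and the exact override semantics of the `ugc_dirty`/`ugc_clean` tags are assumptions, and the sample events are constructed.

```python
import json

# Hypothetical service-level lists (assumed for this example).
TAINTED_FIELDS = {"issue_summary", "attachment_filename", "project_name"}
CLEAN_FIELDS = {"event", "issue_id", "status_code", "request_id"}
VALID_TAGS = {"ugc_dirty", "ugc_clean"}


def is_tainted(name, tags):
    """Decide whether a field may carry UGC/PII for this one event."""
    tag = tags.get(name)
    if tag is not None:
        if tag not in VALID_TAGS:
            raise ValueError(f"unknown tag {tag!r} on field {name!r}")
        return tag == "ugc_dirty"  # event-level exception wins
    if name in TAINTED_FIELDS:
        return True
    # Fields on neither list (e.g. admin-defined custom fields) fail closed.
    return name not in CLEAN_FIELDS


def scrub_event(fields, tags=None):
    """Return a copy of `fields` with tainted fields removed.

    Only the number of removed fields is recorded, because admin-defined
    field names can themselves be user-generated content.
    """
    tags = tags or {}
    kept = {k: v for k, v in fields.items() if not is_tainted(k, tags)}
    kept["_stripped"] = len(fields) - len(kept)
    return kept


if __name__ == "__main__":
    # Constructed sample events.
    ev = {"event": "issue.updated", "issue_id": 10042, "status_code": 200,
          "issue_summary": "Payroll query for Jane Doe",
          "customfield_10010": "+1 555 0100"}
    print(json.dumps(scrub_event(ev)))
    # Here request_id echoes a user-supplied header and project_name is a
    # fixed internal constant, so both get event-level exceptions.
    ev2 = {"event": "search", "request_id": "jane.doe@example.com",
           "project_name": "SYSTEM"}
    print(json.dumps(scrub_event(
        ev2, {"request_id": "ugc_dirty", "project_name": "ugc_clean"})))
```
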

Dom Bush
Contributor
March 25, 2022

Hi Bill, 

Thanks for your very detailed answer.

Just a quick follow up: Is it possible for the end customer to mark fields as "ugc_dirty" or sensitive to avoid the need for 2, 3 or 4? 

Regards,
Dom.

1 vote
Answer accepted
Andreas Springer _Actonic_
Community Champion
March 22, 2022

Hi Dom,

We closely monitor data privacy topics in the Atlassian ecosystem so we can keep developing our app GDPR and Security in a meaningful way and adjust it to the newest changes.

However, for Atlassian's Cloud products, it is not clear how exactly their application architecture works.

We assume that data like this is indeed stored for support and investigation purposes, but without access for users or even admins.

Furthermore, it stands to reason that they only store it for a limited time – maybe 30 days – and discard it when they don't need it anymore.

Unfortunately there are no official details available on this, however.

Dom Bush
Contributor
March 22, 2022

Hi Andreas, 

Thanks for your answer. 

Regards,
Dom.
