Where does Didit checklists store our data? Only in Atlassian Cloud with Jira and Confluence?

In your recent communications, there’s a mention that ‘End-User Data processed and/or stored in logs’ might be located outside Atlassian products and services. However, the overall message seems to contradict this by indicating no data storage occurs outside of Atlassian’s ecosystem. Could you clarify this discrepancy? Specifically, if logs are indeed stored externally, what type of information do these logs capture? Furthermore, does this mean absolutely no data, including logs, is transferred or stored outside our dedicated Atlassian environment?

As a follow-up, I’d like to ensure our understanding aligns with your data handling practices: Does Didit Checklists exclusively utilize Atlassian Cloud for storing all our data, encompassing both Jira and Confluence platforms, or is there a different arrangement in place?

Thanks for contacting us. We do care about privacy and the security of your data. We do not store personal information like user data or log files outside the Atlassian Cloud. This way the sometimes specifically phrased questions by Atlassian may be misleading at times.

Didit checklists for Jira and Confluence is a so called Connect app. Those apps run their own server where all data of the app lives. We do not store user data. We do not transfer any data from your Jira or Confluence to our servers. But all of our checklists data lives on our server.

Our servers are hosted in a secure and encrypted environment on Google Cloud in Frankfurt, Germany. We apply strict German compliance and data privacy standards to the data. But some members of our team of technicians who build the app possibly have access to the database and can access checklist data. While there may be exceptions checklists do not have personal, confidential or sensitive data in them. But it’s possible - yet unlikely - that users filling out checklists can add sensitive data in comments or pictures. We also store signatures in checklists which you could summarize under sensitive data.

Learn more about this topic here:

You can sign a data processing agreement (DPA) with us.

1 Like

After another customer question I would like to add some additional information about “End-User Data” as Atlassian defines it and our interpretation:

We believe that “content or information of an end user” means content connected to your user, like the content you put into your profile (“Job title”, or “Based in” as examples). And of course technical information. But not checklists/tasks that you create.