- Atlassian updated its cloud product settings to enable AI training data collection by default, affecting Jira, Confluence, and related tools.
- The change means customer interaction and content data is shared with Atlassian to improve Atlassian Intelligence features unless an administrator explicitly opts out.
- Enterprise administrators can disable the setting through the Atlassian admin console, but the opt-out is not surfaced prominently during onboarding.
- The move drew criticism on HackerNews and from privacy advocates who argue enterprise SaaS defaults should favor opt-in for data used in model training.
What Happened
Atlassian, the maker of Jira Software, Confluence, Jira Service Management, Trello, Bitbucket, and Loom, updated its cloud data-handling settings to enable collection of customer data for AI model training by default. The change is tied to Atlassian Intelligence, the company’s suite of generative AI features embedded across its cloud products. Customers who do not actively opt out will have their interaction and content data used to improve those models.
The update was surfaced publicly on HackerNews and has prompted renewed scrutiny of how enterprise SaaS vendors handle the consent model for AI training pipelines.
Why It Matters
Atlassian’s products sit at the center of software development and IT service management workflows at hundreds of thousands of organizations, including many that handle confidential business strategy, engineering roadmaps, incident data, and customer support tickets inside Confluence and Jira. Enabling data collection by default—rather than requiring an explicit opt-in—means large volumes of potentially sensitive enterprise content could flow into training pipelines without administrators being aware.
This follows a pattern seen across the enterprise SaaS industry in 2024 and 2025: Zoom, Adobe, Slack, and Microsoft all faced similar controversies after updating their terms of service or default settings to permit AI training on user-generated content, sometimes reversing course after public pressure.
Technical Details
Atlassian Intelligence, launched in 2023 and expanded throughout 2024, provides AI-assisted features including smart summaries in Confluence, issue auto-fill in Jira, and virtual service agents in Jira Service Management. The data collection change applies to Atlassian’s cloud tier; self-hosted Data Center deployments are not subject to the same default because data does not transit Atlassian’s infrastructure in the same way.
According to Atlassian’s product documentation, the data shared under this setting includes user-generated content and interaction signals used to fine-tune or evaluate Atlassian Intelligence models. Administrators can locate the opt-out toggle under Settings > Atlassian Intelligence > Data sharing in the admin console. There is no in-product alert or email notification sent to org admins when the default is activated on their instance.
The absence of a proactive notification is a key point of concern for security and compliance teams, particularly at organizations subject to GDPR, SOC 2, or sector-specific data residency requirements, where data flows to vendor AI pipelines may require a documented legal basis or data processing agreement amendment.
Who’s Affected
The change directly affects organizations running Atlassian cloud plans—Free, Standard, Premium, and Enterprise tiers—whose administrators have not reviewed and disabled the new default. This is a particularly acute concern for software engineering teams, IT departments, and legal or HR teams that use Confluence for internal documentation, since that content tends to be high in confidential business context.
Managed service providers and system integrators that administer Atlassian environments on behalf of clients carry additional exposure, as they may need to audit client instances and update data processing agreements before the next compliance review cycle.
What’s Next
Atlassian has not announced a reversal of the default setting. Administrators who wish to opt out should audit their org settings in the Atlassian admin console immediately and confirm the data-sharing toggle is set to their intended state. Organizations with active GDPR data processing agreements or customer data protection commitments should consult legal counsel to determine whether an amendment is required given the changed default.
