Is Jira training AI on your team's confidential work data? As of a policy that takes effect August 17, 2026, Atlassian defaults Jira and Confluence cloud customers into using their content to train Atlassian's AI products. Two data types are involved: de-identified metadata and the in-app content your team writes. Every plan can opt out of the in-app content in about five minutes (Admin, Security, Data contribution). Most plans below Enterprise cannot opt out of the metadata. Enterprise has both off by default.

I have spent years watching the terms of a tool change after I had already built my work around it. Not a price bump you can shrug off, but the kind where the thing you depend on quietly starts doing something new with what you put into it. That is where a lot of teams are right now with Jira and Confluence, and the clock is real: the policy takes effect August 17, 2026.

This is the calm version of that news. What the policy says, what data it touches, how to turn off the part that matters in about five minutes, how Atlassian's choice compares to a few of its peers, and the deeper question underneath it. No alarm. Just the facts and what you can do with them.

</////>

What Atlassian's New Policy Actually Says

Atlassian announced in April 2026 that, effective August 17, 2026, it will use customer data from Jira, Confluence, and Jira Service Management to train its AI products by default. The change affects roughly 300,000 cloud customers. Two categories are covered: de-identified metadata and in-app content. Collected data may be retained for up to seven years. The two categories are worth separating, because the opt-out story is different for each.

• Metadata. De-identified, aggregated signals: readability and complexity metrics, task taxonomies, semantic similarity indices, iteration completion timestamps, Jira SLA values. Atlassian de-identifies and aggregates this before it reaches a model.
• In-app data. User-generated content: Confluence page titles and body text, Jira issue headers, descriptions, comments, and custom names for emojis, statuses, and workflows. This is the category that contains your team's actual confidential work. Metadata is the abstracted shape of how your team works. In-app data is the work itself. When people worry about "Jira training AI on our data," the in-app category is the one they mean, and it is the one you can do something about on every plan.

What Data Is Affected, and Who Can Opt Out

Every plan can opt out of in-app data, the actual content your team writes. No plan below Enterprise can opt out of metadata collection. Enterprise customers have both off by default. Full exemptions apply to customers using customer-managed encryption keys, Atlassian Government Cloud, Atlassian Isolated Cloud, and HIPAA-covered customers. Here is the operational picture by subscription tier. This is the table to screenshot.

<! data-preserve-html-node="true"-- CHART 1: ATLASSIAN AI DATA COLLECTION BY SUBSCRIPTION TIER PLACEHOLDER: paste Chart 1 HTML block here. -->

A few takeaways fall out of that grid. Every plan can opt out of in-app data, the critical category, so that is the action that matters most. No plan below Enterprise can opt out of metadata. Enterprise is protected by default on both counts. Standard needs the most attention: in-app data is opt-out-required, and metadata cannot be turned off at all. There are also complete exemptions, where no data is collected at all: customers using customer-managed encryption keys, Atlassian Government Cloud customers, Atlassian Isolated Cloud customers, and HIPAA-covered customers. If you are not in one of those buckets, the defaults above apply to you.

How to Turn It Off Before August 17 (5 Minutes)

Sign in to your Atlassian organization at admin.atlassian.com, go to Security, then Data contribution, and turn off "Contribute in-app data for AI model training." Save. The change applies to your whole organization. If you run multiple Atlassian sites, repeat for each. The setting has been live to configure since April 16, 2026.

• Log in to your Atlassian organization at admin.atlassian.com.
• Go to Security, then Data contribution.
• Turn off "Contribute in-app data for AI model training."
• Save. The change applies to your entire organization.
• If you have multiple Atlassian sites, repeat for each site. That is the whole procedure. No contract changes, no sales call, about five minutes. The only constraint is timing: configure it before August 17, 2026. The toggle is already there waiting for you. If you administer more than one site, the per-site repeat is the easy thing to forget, so it is worth a second pass.

How This Compares to Notion, Slack, and Microsoft

Atlassian opts customers in by default. Several peers do not train on customer data by default: Notion states using Notion AI does not grant it the right to train models on your data, Slack does not train generative AI models on customer data without affirmative opt-in, and Microsoft prevents foundation-model training and offers data residency controls.

This is the published policy for each tool, with primary sources linked below. It is not a verdict on any company, just the documented posture each one has chosen.

<! data-preserve-html-node="true"-- CHART 2: AI TRAINING POSTURE BY SAAS TOOL PLACEHOLDER: paste Chart 2 HTML block here. -->

One nuance is easy to lose. Atlassian's policy applies specifically to its own AI product development, including Atlassian Rovo and Rovo Dev. It is not claiming the data for general commercial sale. The mechanism is that your team's content informs how Jira's AI gets smarter, and "smarter for Atlassian's AI" is built on your team's specific confidential work. That is the concern worth weighing. What "Training on Your Data" Actually Means

Machine learning training uses existing data to adjust a model's parameters, its pattern-recognition weights, so it produces better outputs later. Training on your content makes your writing patterns and project structures part of the statistical substrate shaping future responses. Atlassian de-identifies and aggregates the data first, which reduces re-identification risk but does not remove the contributed patterns. Precision is the antidote to panic here. When a model trains on your Confluence pages and Jira issues, your writing style, your issue templates, your team vocabulary, and your project structures become part of the statistical substrate that shapes how the system responds to future users. De-identification lowers re-identification risk, but it is not the same as removal: the patterns your team's work contributes persist in the model's behavior even after your organization's footprint is obscured. Your product roadmaps inform its understanding of how roadmaps are structured; your client project descriptions inform its sense of how service work is described. This is not a claim that something nefarious happens to a specific document. It is a statement about where the control sits. Once the content is in the training set, the decisions about it are no longer yours. The Deeper Pattern: Why the Location of Your Data Decides What Can Happen to It

When your team's work runs in cloud software, the vendor sets the terms for what happens to that content, and those terms can change. Self-hosted Jira (Jira Data Center) does not train Atlassian's AI because the data never reaches Atlassian. The location of your data determines what can be done with it, more reliably than any terms-of-service commitment. The Atlassian situation is a specific instance of a broader pattern. When you run your team's work in cloud software, the conditions of what happens to that content are set by the vendor, not by you, and they can be revised. In April 2026, Atlassian updated its terms. In May 2025, Plex placed remote streaming behind a paywall. In January 2026, Spotify raised prices. Each is a unilateral change to a service you cannot inspect and cannot easily replace in the middle of a workflow. The architectural answer is not to keep hunting for a better-behaved SaaS vendor. It is to run the infrastructure you depend on from hardware you control. Self-hosted Jira (Jira Data Center) does not train Atlassian's AI on your data, because the data never reaches Atlassian. That is the privacy-as-architecture idea in one sentence: the location of your data determines what can be done with it, more reliably than any promise in a terms-of-service document. A policy can change in April. A structural fact, the data sitting on hardware you own with no pipe leaving it, does not change because a vendor revised a clause. The honest part: self-hosting is not free, and it is not effortless. Jira Data Center requires server infrastructure and ongoing IT management. Running your own stack means you own the uptime, the backups, and the updates a cloud vendor otherwise handles. That is a real trade-off, and for some teams the cloud convenience is worth the exposure. The point is to make that a decision you reach on purpose, not a default you inherit. What You Can Do (A Graduated Response) Immediately, on any plan, opt out of in-app data contribution before August 17. On Standard, where metadata cannot be opted out, teams handling sensitive client work can weigh an Enterprise upgrade or an alternative. Structurally, self-hosted options (Jira Data Center, Plane, GitLab, Taiga, NocoDB) keep project data on hardware you control. Three levels, depending on how far you want to go. Immediate, all plans, before August 17, 2026. Opt out of in-app data contribution now: Admin, Security, Data contribution, off. Cost: about five minutes, no contract changes. Medium-term, for Standard plan users. Metadata collection cannot be opted out on Standard. If metadata privacy matters for your team's work, particularly for teams handling sensitive clients, evaluate whether an Enterprise upgrade is warranted or whether alternatives are worth exploring. Structural, for teams thinking architecturally. If this episode has you reconsidering where your project data lives, these are the self-hostable paths named in our research:

• Jira Data Center, Atlassian's own self-hosted product. Data stays on your servers, with no AI training contribution. Requires server infrastructure and IT management.
• Plane, an open-source, self-hostable project management platform launched on GitHub as a Jira alternative. Full issue tracking, sprints, and modules, deployed on your own hardware.
• GitLab (self-managed), a complete DevOps and project management stack. GitLab's blog explicitly positioned itself as an opt-out alternative when Atlassian's policy broke in April 2026.
• Taiga, available on Companion Hub. Open-source Scrum and kanban project management, one-click deploy, running entirely on your hardware with no cloud AI training.
• NocoDB, available on Companion Hub. A database-and-spreadsheet hybrid that can replace Confluence-style content databases, self-hosted, with no external data contribution. You do not have to leave Jira to protect your team this month. The five-minute opt-out does the urgent work. The structural options are there for when you are ready to ask the longer question.

Frequently Asked Questions

****Does opting out of in-app data stop all data collection?

No. Opting out of in-app data stops collection of the content your team writes. On Free, Standard, and Premium plans, de-identified metadata collection continues and cannot be opted out. Only Enterprise has metadata off by default.

****What happens if I do nothing before August 17, 2026?

On plans where in-app data is opt-out-required, doing nothing leaves your team's content eligible to be used for Atlassian's AI training when the policy takes effect. You can change the setting later, but content already contributed is the concern, so acting before the date is the safe move.

****Is my Jira data sold to other companies?

No. According to the policy, the data is used for Atlassian's own AI product development, including Atlassian Rovo, not sold for general commercial use. The concern is that your confidential content shapes how Atlassian's AI behaves, not that it is resold.

****Does self-hosted Jira train Atlassian's AI? No. Jira Data Center, Atlassian's self-hosted product, keeps your data on your own servers, so it never reaches Atlassian and cannot be used for AI training. The trade-off is that self-hosting requires server infrastructure and IT management.

****How would I know if another SaaS tool is training AI on my data? Often you do not know until the policy changes, usually through a notification email and a settings page, with the default increasingly set to opt-out-required. The structural resolution is the same: if the data never leaves your network, the question does not arise.

****The thing I keep coming back to is that none of this is about Atlassian, not at its core. Atlassian made a defensible product decision and announced it in advance, which is more than some companies do. The clarifying part is what the moment reveals: when your work lives somewhere you do not control, the rules can change, and the burden to notice and respond lands on you.

So do the five-minute thing today if you are on a cloud plan. Then, if it has you thinking about where your team's work lives, that is the more interesting conversation. If you are working through what this means for your setup, the Companion Intelligence Discord is where people are comparing notes and figuring it out together.

Works Cited

<! data-preserve-html-node="true"-- ================================================================ Chart 2: AI training posture by SaaS tool ================================================================ -->