Get 100 US$ for 25 minutesJoin Our Remote Atlassian Forge Market Research Study
Forge Opportunities

Why Data Residency Matters for Atlassian Marketplace Apps Too

Matthias Rauer
#Forge#Data Residency#Security#Compliance#Marketplace#Apps
Laptop with code editor connected to security lock icons via dotted lines

Data Sovereignty Matters for Enterprises

Enterprises must retain control over the data processed and stored within their software systems at all times. This need is not only driven by internal security policies but also by comprehensive compliance and legal regulations that typically apply to large organizations.

These requirements demand the highest security and data protection standards from any software solution in use. For modern businesses, a secure, compliant infrastructure with full transparency and control is not optional — it’s essential.

Security and Compliance Within the Atlassian Infrastructure

Atlassian’s cloud infrastructure comes with a robust set of security and privacy promises, including:

  • Industry-leading hosting infrastructure with redundant architectures
  • Encryption in transit and at rest using state-of-the-art standards
  • A comprehensive data protection program covering development and operations
  • GDPR-compliant data processing agreements
  • Industry-specific compliance support, e.g. for EBA and BaFin requirements

A Key Pillar of Compliance: Data Residency

Another important component of Atlassian’s data protection and compliance architecture is Data Residency. This administrative feature allows organizations to specify the geographic region — such as Germany — where application data is stored.

Why is Data Residency such a critical requirement?

  1. Meeting Regulatory Requirements
    Organizations in highly regulated sectors — finance, healthcare, government — must comply with strict privacy regulations, industry standards, and laws such as the GDPR or national data protection acts. Data Residency ensures that data is stored and processed in compliance with these local requirements.

  2. Ensuring Data Sovereignty
    In some cases, internal policies or government contracts require that sensitive data remain within national borders. Data Residency gives organizations control over legal jurisdiction, a key factor for risk mitigation.

  3. Trust and Transparency
    For B2B clients, it’s a strong signal when companies can clearly show where their data resides. Data Residency supports customer confidence and trust — and can offer a competitive edge.

  4. Improved Performance
    Storing data closer to the user often improves performance and reduces latency, resulting in a more stable and responsive cloud application experience.

In short: Atlassian’s security and compliance framework is comprehensive, solid, and reliable. With Data Residency, Atlassian offers a compelling answer to many common privacy concerns.

What About Marketplace Apps Installed in Your Atlassian Instances?

Atlassian’s core products support Data Residency. But what about the apps and integrations your teams install? Where do these apps send your data? Where — and how — is it stored?

This is a significant but often opaque gap.

The reality: Some cloud apps run on servers operated by the app vendor, outside Atlassian’s infrastructure. Your organization has no insight into where these systems are hosted and where your data ends up. That’s even more concerning given that such apps may transfer not only application data but also personal data — e.g., from your employees.

Such uncontrolled data transfer is incompatible with corporate compliance standards and potentially violates privacy laws like the GDPR — opening doors to security vulnerabilities and legal risks.

Your organization is well-advised to identify and phase out such apps, replacing them with modern, secure alternatives that clearly document how and where your data is handled.

How to Identify Data Residency-Compliant Apps

“Runs on Atlassian” is a new app designation being introduced by Atlassian to the Marketplace. This badge is awarded to apps that meet and prove compliance with three strict criteria:

The app…

  • … is fully hosted and operated within Atlassian’s cloud infrastructure
  • … does not send data to third-party servers (no data egress)
  • … supports Data Residency and respects the data storage settings of the core Atlassian product

If you want to ensure that your installed apps meet the same data protection standards as Jira or Confluence themselves, keep an eye out for the new badge in the Atlassian Marketplace.

When it comes to Marketplace apps, if security and data sovereignty are your priorities, “Runs on Atlassian” is the certification that matters.

Runs on Atlassian is the new gold standard for apps on the Atlassian Marketplace and will roll out over the summer. Here’s an overview of the apps that already meet the new standard.

Regularly reviewing your Marketplace apps is an essential part of modern system administration. However, a comprehensive app assessment in a large Jira or Confluence system can be a complex undertaking. Our experienced Atlassian experts are happy to support your team in approaching an app review in a structured and effective way. This enables us to achieve tangible results that benefit your organization. Contact us via email or simply schedule an initial remote meeting with us!

← Back to Blog