Last updated Nov 9, 2023


The security of your app data is crucial to ensure that your customers can use your apps with confidence. The app data and mappings you export and access can contain Personally Identifiable Information (PII) which is subject to 'Right to erasure' through GDPR.

This page explains the security features and guidelines of the app migration platform that can protect app data from unauthorized access, malicious or accidental changes.

You can find more information in our docs about security considerations for Jira and Confluence.

It is best practice to only export the app data you need for migration.

Use access scopes to inform Jira or Confluence admin users about the type of mappings, product data, and app data that you choose to migrate. The access scopes you declare will be visible to the admin user on the user interface of the Jira or Confluence Cloud Migration Assistant. Your app data migration can continue if the admin user consents to the access scopes that you declare.

There are two types of access scopes:

  • Product data and app data access scopes declare the type of data that you choose to migrate to the Atlassian secure cloud storage.

  • Migration tracing access scopes declare the type of mappings that your server and/or cloud app will access.

Read our docs for information on declaring access scopes.


You must disclose all the data that you access for the purpose of migration in your data security and privacy policy. Refer our developer guidelines for appropriate use of customer data.

Recommendations on accessing the app data and mappings export

In order to comply with user privacy requirements, we do not recommend downloading the export app data or mapping file/s from the cloud storage location. App data and mappings that are downloaded to storage locations outside Atlassian risk being exposed to unauthorized access.

If you choose to download the exported data from cloud storage, you must (at a minimum) follow guidelines for user personal data reporting to receive notifications for 'Right to erasure' requests during the migration.

Limits on accessing app data and mappings export

In order to meet security and compliance requirements, we have placed the following limits on accessing data and mappings exported to the cloud storage location:

  • You can access mappings up to fourteen days after you receive the first notification of your server app being triggered.
  • You can access the exported app data up to twelve days after you receive the notification of app data export to the Atlassian secure cloud storage location.

The app migration platform will delete all exported app data 12 days and mappings 14 days after you receive the above notifications.

Rate this page: