Закрыть

Atlassian Guidelines for Law Enforcement Requests

Updated policy effective as of January 12, 2018

Atlassian’s policy on responding to law enforcement requests

Atlassian provides software tools for teams to collaborate in an online platform environment. These guidelines provide information to inform law enforcement officials seeking customer account records and customer content (“Customer Information”) from Atlassian in response to valid legal process, consistent with our privacy policy and use policy.  Atlassian respects the rules and laws of the jurisdiction in which it operates, as well as the privacy and rights of its customers. Accordingly, Atlassian provides Customer Information in response to law enforcement requests only when we reasonably believe that we are legally required to do so. To protect our customers’ rights, we carefully review requests to ensure that they comply with the law.

To obtain Customer Information from Atlassian, law enforcement officials must provide legal process appropriate for the type of information sought, such as a subpoena, court order, or a warrant. For example, Atlassian will not provide non-public customer content unless served with a valid search warrant, issued on a showing of probable cause by a federal or state court authorized to issue search warrants, which requires Atlassian to disclose the content. Please review these guidelines before submitting a law enforcement request to Atlassian.

These guidelines are intended to serve as an informational resource and do not create obligations or waive any objections concerning how Atlassian will respond in any particular case or request. Atlassian reserves the right to seek reimbursement for the costs associated with responding to law enforcement data requests, where appropriate.

User Notice Policy

Atlassian’s policy is to notify customers of requests for their information and provide them with an opportunity to object to the disclosure 7-10 days prior to production, unless such notification is prohibited by law.  Atlassian may shorten the notice period in its discretion, but generally only does so in emergency situations. Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other process that specifically prohibits customer notification, such as an order issued under 18 U.S.C. § 2705(b).

Further, if your request places Atlassian on notice of an ongoing or prior violation of our use policy, we will take action to prevent further violation, including account termination and other actions that may notify the user that we are aware of the misconduct. If you believe in good faith that taking such actions will jeopardize an ongoing investigation, you may request that Atlassian defer such action in your request. Atlassian will evaluate such requests on a case-by-case basis. It is the responsibility of the requesting law enforcement official to make this request, as it is Atlassian’s policy to enforce its terms of use.

Serving a Valid Law Enforcement Request & Contact Information

Email Address for Law Enforcement Questions and to Send Legal Process:

lawenforcement@atlassian.com

Mailing Address for Law Enforcement Requests:

Atlassian Inc.
Attn: Legal Department
350 Bush Street, Floor 13
San Francisco, CA, 94104
USA

While we agree to accept service of law enforcement requests by these methods, neither Atlassian nor our customers waive any legal rights based on this accommodation.

Each request must include contact information for the authorized law enforcement agency official submitting the request, including:

  • Requesting agency name
  • Requesting agent name and badge/identification number
  • Requesting agent employer-issued email address
  • Requesting agent phone contact, including any extension
  • Requesting agent mailing address (P.O. Box will not be accepted)
  • Requested response date (see details below for emergency requests)

Please note that requests seeking testimony must be personally served on our registered agent for service of process. We do not accept such requests in person or via email.

Available Atlassian Customer Information

Atlassian offers a variety of software tools on its platform that contain Customer Information. In addition, Atlassian maintains certain Customer Information in internal systems as a matter of regular business processes. Atlassian will review and respond to requests for Customer Information pursuant to a valid, enforceable government request, court order and/or warrant, depending on the type of information requested.

The categories of Customer Information that may be available for law enforcement requests seeking basic customer account information, include, for example: email address, name, phone number, screen name, instant messenger ID and/or billing contact information (in connection with paid accounts). Additional information regarding IP addresses, transactional records and other customer records may be available.

The categories of Customer Information that may be available to law enforcement requestors depends on which Atlassian product is used by the customer about whom law enforcement seeks information. We encourage law enforcement officials making a request for Atlassian Customer Information to review our product descriptions before preparing legal process and submitting your request, order or warrant. For example, Trello enables teams to organize information. Available Customer Information involving Trello might include, in addition to basic account information, IP access information, board member information and/or content. As another example, Bitbucket facilitates teams to collaborate while developing code. Available Customer Information involving Bitbucket might include, in addition to basic customer information, dates that the user created and last accessed the Bitbucket account, IP addresses associated with log-ins to a user account, team memberships and source code (content) stored in a Bitbucket repository. As a third example, Stride provides team chat and messaging functions. Available Customer Information using Stride might include, in addition to basic customer account information, IP addresses associated with log-in information and chat messages (content).

Law Enforcement Preservation Requests

Atlassian will preserve Customer Information for 90 days upon receipt of a valid law enforcement request. Atlassian will preserve information for an additional 90-day period upon receipt of a valid request to extend the preservation. If Atlassian does not receive formal legal process for the preserved information before the end of the preservation period, the preserved information may be deleted when the preservation period expires.

Preservation requests must be sent on official law enforcement letterhead, signed by a law enforcement official, and must include:

  • The relevant account information identified below for the customer whose information is requested to be preserved;
  • A valid return email address; and

  • A statement that steps are being taken to obtain a court order or other legal process for the data sought to be preserved.

​Preservation requests may be sent to the contact information (mailing address or email account) provided, above.

How to Request Atlassian Customer Information

When requesting Customer Information, law enforcement requestors should provide as much of the following information as is available. Providing the following identifying information will facilitate Atlassian’s ability to respond in an effective and timely manner:

  • Basic Customer Account Information (Atlassian systems): Username, email address, URL, Support Entitlement Number (SEN)

  • Customer Information involving Atlassian products:

Atlassian Product

Information to Include in Law Enforcement Request

Bamboo

email address

Bitbucket Cloud

Username, team name, email address, and/or repository URL

Confluence

User ID, email address, IP address, URL, SEN

Crucible

email address

Fisheye

email address

Hipchat

User ID, email address associated with the user account, and/or Hipchat group name and group administrator’s email address

JIRA (Core, Service Desk, or Software)

username, email address, URL, SEN

OnDemand

username, email address, URL, SEN

Sourcetree

email address

StatusPage

Email address, status page URL

Stride

User ID, email address associated with the user account, group name, group administrator’s email address

Trello

Username, email address, URL (for board(s))

International Law Enforcement Requests

U.S. law authorizes Atlassian to respond to requests for Customer Information from foreign law enforcement agencies that are issued via a U.S. court either by way of a Mutual Legal Assistance Treaty (MLAT) request or letter rogatory.  It is our policy to respond to such U.S. court-ordered requests when properly served. Atlassian will evaluate emergency requests from foreign law enforcement on a case-by-case basis, consistent with U.S. law and the laws of other countries, if applicable. Emergency requests may be submitted directly to Atlassian via the procedure described below.

Emergency Requests

Atlassian evaluates emergency requests on a case-by-case basis. If you provide information that gives us a good faith belief that there is an emergency involving imminent danger of death or serious physical injury to any person, we may provide information necessary to prevent that harm if we are in a position to do so, consistent with applicable law.

Emergency requests may be submitted via email to lawenforcement@atlassian.com with the subject line: “Emergency Disclosure Request” and completing and sending this form.