It is important to understand how Rovo and Atlassian handle permissions and your data.

Rovo includes features that are designed to interoperate with third-party products. For example, you may connect third-party products to Rovo.

Connecting Rovo with third-party products may give third parties access to information you choose to use in connection with their products, and your use of third-party products and information you share may be governed by their terms and policies, including their privacy policies.

For more detail, see “Third Party Services” in Atlassian’s Privacy Policy.

Rovo synchronises with access controls and permission settings from connected third-party products and your Atlassian products. This helps ensure that users only see content they have access to.

Because Rovo relies on these permissions you have set, before connecting a third-party product you should check and remind users to check the permissions set up for that product.

For example, if you connect Google Drive to Rovo, users need to log in and authorize themselves using their Google Drive credentials to see any Google Drive results in Rovo. Once authorized, users will be able to see public documents and private documents that they already had access to.

We check for permission changes and update Rovo with changes as soon as reasonably possible.

We ‘listen’ for content deletion, and update the Rovo index with changes. For example, once the Rovo index is updated, content that’s deleted from a connected third-party product will not appear in Rovo results.

If an organization admin disconnects a third-party product from Rovo, we will delete the content we've indexed from the third-party product.

We index the entire workspace of the third-party product you connect (for example, the entire Google Drive or the SharePoint workspace). Currently, you can’t refine the scope of the index any further (such as choosing to only index specific folders in Google Drive) but this is something we might consider in the future.

To provide Rovo, we store the metadata and content for each file found in a third-party product. We also store permissions settings about the file to ensure that we only show content that users have access to.

We use this data to serve Rovo AI-powered features, including Search results and Chat messages.

We may also use it for troubleshooting and debugging, or to solve support queries you or your team raise with us.

Content we index for Google Drive includes document body content, description, thumbnails and the folder name.

Content we index for Microsoft Sharepoint includes document body content and the folder name.

Content from Google Drive and Microsoft SharePoint is stored in Atlassian's cloud-based storage system. We keep a sync with the data source and will delete the content if it is deleted from the source.

Metadata we index for Google Drive includes created and modified time and date, version information, document type and extension, drive ID, document owners, permissions and sharing information, view status, last modifying user, media information, labels, and checksums.

Metadata we index for Microsoft SharePoint includes created and modified time and date.

At this time, Rovo doesn’t support data residency. We have plans to support it in the future.

Rovo is governed by our trust standards but hasn't undergone any third-party security or compliance certifications (SOC2, ISO etc). Read more at the Atlassian Trust Center.

At this time, Rovo is not HIPAA compliant, and our Business Associate Agreement (BAA) does not cover these Rovo features. If you are required to comply with HIPAA, we recommend that you do not opt-in to the Rovo beta until we have expanded our coverage to include it.

Rovo uses OpenAI LLMs and open-source, self-hosted LLMs, such as LlaMa3, Mixtral, and Phi-3.

The LLM providers we use do not use your inputs and outputs to improve their services. Neither OpenAI nor any other LLM provider retains your inputs and outputs. More information can be found at our Trust Center.

As always, remember to abide by the following policies when using Rovo, including when using Rovo Chat and when you create a custom agent: Acceptable Use Policy and Third Party AI Policies.

Read more about how we use your data at the Atlassian Intelligence trust centre, and in our responsible technology principles.