Hey there, @Andy, good questions! Let me quickly rest assure you. The key to your Rovo AI prompts, queries using Rovo AI, and any sensitive data shared by Rovo to your team or summarized briefs, and so forth are protected like data from any other Atlassian apps with: user's Jira access/project permissions; Atlassian Admin settings; and Rovo app's programming.
Starting with the user app/project access and permissions settings:
To access your org's Atlassian instances, your user's email is tied to an account ID and Atlassian's MFA (or your org's SSO, like AzureAD). Your org admin has to add the user with all the credentials, email, account ID (if they use Jira REST API they can give them Jira user access) This authorizes your user to enter your org's Atlassian instance; but they would not be able to access any apps nor data.
Your Jira admin has to put the user in a group with Jira user access, and grant them project permissions for browse projects and view work items. Now, this Jira user would be able to access your data.
Thus, even if I have the credentials to enter your org's Atlassian instance, and somehow got access to Rovo AI, I could ask, "Rovo, give me all the summaries for the last 30 days of @Andy LLC's Confluence, Loom, and Jira updates." Absolutely nothing would happen! I have to have access to browse and view Confluence, Loom, and Jira info at @Andy LLC!
Atlassian Administration (org admin) Managing AI-Enabled Apps:
Your org admin can also remove Jira from AI-enabled apps in Atlassian Administration > AI Settings > AI-enabled apps. Simply click "Remove" next to Jira. That will disable Rovo from being used in your Jira apps.
This admin guide linked here dives deep into the security aspect and best practices for keeping data secure.
What happens to your data when using Rovo:
The support doc for Rovo data, privacy, and usage guidelines explains at the bottom that your inputs, prompts, queries, and outputs are NOT saved and used to train LLM models. This doc also shows Rovo is on its way to SOC 2/ISO27001 too and will eventually fall under Atlassian's yearly compliance audits.
Atlassian created the Transparency and Trust centers to address more specific data concerns for both Rovo AI, Agents, Search, Chat, Studio, and the other features of Rovo.
Atlassian Community member @Katie Lai also has a nice write up from 1 year ago here too in case I missed any details.
In essence, you have a triple shield: Atlassian access, your app's access, and app/data permissions. I hope this helps assuage the Rovo AI data security worries a bit, and please reach out with any questions!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.