
Security information about Sourcetree

Veroniki Stamati June 11, 2019

Hi, 

 

A few questions about using Sourcetree in a corporate environment.

It looks like the Sourcetree app requires users to create a Bitbucket account so they can use it and connect it to GitHub, as explained in this guide. Our security team would like to understand whether any data is made available to Atlassian through this process and what sort of data that is. If it includes any personal data, where is this data going to be stored geographically and how can we ensure that we meet our GDPR obligations?

 

We have also attempted to find information in relation to the security practices followed for the Sourcetree app; however, we have not been able to locate anything specific within your Trust Centre. All certifications published there seem to cover other Atlassian apps but not Sourcetree. Can you point us to any other specific resources?

 

And lastly, in some of the previous posts in the community, it was mentioned that Sourcetree security advisories are not included in the subscription mailing list which is designed for this purpose. Why is this the case and what is the recommended way of receiving security advisories for the Sourcetree app?

 

Many thanks

 

2 answers

0 votes
Veroniki Stamati June 12, 2019

Thanks Mike, will wait for your response on security advisories. 

0 votes
Mike Corsaro
Atlassian Team
June 11, 2019

Hello!

 

I'll have to circle back on the security sub mailing list question, but in regards to Sourcetree requiring a Bitbucket account:

  • The Bitbucket account is only used to verify users -- we do not send any personally identifying data to our servers.
    • Once you sign in, you won't need to refresh credentials or anything like that.
  • Sourcetree does have anonymous usage analytics -- we ask for permission for this in the welcome wizard, and it can additionally be disabled under "Options > Help improve Sourcetree by sending anonymous data about your usage".
  • If anonymous usage analytics are enabled, then we do track the number of repos you've interacted with and the provider you're using. No personally identifying info such as the repo name, or code, or anything like that is sent. Atlassian does not have access to any of your code.
