Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,554,294
Community Members
 
Community Events
184
Community Groups

Security information about Sourcetree

Veroniki Stamati
Veroniki Stamati Jun 11, 2019

Hi, 

 

A few questions about using Sourcetree in corporate environment. 

It looks like the SourceTree app requires users to create a Bitbucket account so they can use it and connect it to GitHub, as explained in this guide. Our security team would like to understand whether any data is made available to Atlassian through this process and what sort of data that is. If it includes any personal data, where is this data going to be stored geographically and how can we ensure that we meet our GDPR obligations?

 

We have also attempted to find information in relation to the security practices followed for SourceTree app, however we have not been able to locate anything specific within your Trust Centre. All certifications published there seem to cover other Atlassian apps but not SourceTree. Can you point us to any other specific resources?

 

And lastly in some of the previous posts in the community it was mentioned that Sourcetree security advisories are not included in the subscription mailing list which is designed for this purpose. Why is this the case and what is the recommended way of receiving security advisories for the Sourcetree app?

 

Many thanks

 

Answer
Watch
Like Be the first to like this
758 views

2 answers

0 votes
Veroniki Stamati
Veroniki Stamati Jun 12, 2019

Thanks Mike, will wait for your response on security advisories. 

Reply
0 votes
Mike Corsaro
Mike Corsaro
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jun 11, 2019

Hello!

 

I'll have to circle back on the security sub mailing list question, but in regards to Sourcetree requiring a Bitbucket account:

  • The Bitbucket account is only used to verify users -- we do not send any personally identifying data to our servers
    • Once you sign in you won't need to refresh credentials or anything like that
  • Sourcetree does have anonymous usage analytics -- we ask for permission for this in the welcome wizard, and can additionally be disabled under "Options > Help improve Sourcetree by sending anonymous data about your usage"
  • If anonymous usage analytics are enabled then we do track the number of repos you've interacted with and the provider you're using. No personally identifying info such as the repo name, or code, or anything like that is sent. Atlassian does not have access to any of your code
Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
AUG Leaders

Atlassian Community Events

See all events