A few questions about using Sourcetree in corporate environment.
It looks like the SourceTree app requires users to create a Bitbucket account so they can use it and connect it to GitHub, as explained in this guide. Our security team would like to understand whether any data is made available to Atlassian through this process and what sort of data that is. If it includes any personal data, where is this data going to be stored geographically and how can we ensure that we meet our GDPR obligations?
We have also attempted to find information in relation to the security practices followed for SourceTree app, however we have not been able to locate anything specific within your Trust Centre. All certifications published there seem to cover other Atlassian apps but not SourceTree. Can you point us to any other specific resources?
And lastly in some of the previous posts in the community it was mentioned that Sourcetree security advisories are not included in the subscription mailing list which is designed for this purpose. Why is this the case and what is the recommended way of receiving security advisories for the Sourcetree app?
I'll have to circle back on the security sub mailing list question, but in regards to Sourcetree requiring a Bitbucket account: