01 Trust Score

Confluence

Week 2026-W20 · 26 Apr 2026 Vendor-Neutral
70 /100 Mostly Positive
↑ 50 vs 2026-W17
2.3/5 (3985)
WHY THIS SCORE

The overall trust score of 50 reflects a conditional recommendation for Confluence. While compliance is strong (35/35 for SOC2, GDPR, ISO 27001) and security features are robust, significant deductions stem from the legal/IP assessment (35/100). This low legal score is primarily due to undisclosed AI training data policies, unclear IP ownership of user content, and opaque data retention timelines. The financial health of Atlassian is strong (83/100), and community sentiment is generally positive (65/100), but these do not offset the critical legal and data transparency risks. To improve the score, Atlassian must provide explicit, publicly available policies on AI training data opt-out, IP ownership, and a comprehensive Service Level Agreement.

Confluence, by Atlassian, maintains a strong market presence as a collaborative workspace. This week's analysis reveals robust security certifications including SOC 2 Type II, ISO 27001, and GDPR DPA availability. However, critical legal and data privacy risks persist due to undisclosed policies on AI training data, IP ownership of user-generated content, and opaque data retention timelines. Enterprise integration documentation is limited, and the absence of a public SLA poses a significant procurement challenge. The tool's deep integration within the Atlassian ecosystem also presents potential vendor lock-in concerns.
Trust Score: 70/100 (CONDITIONAL)
Est. Annual Cost: $22,528/year for 100 users
Top Risk: Data Privacy (CRITICAL); Overall: Medium
Priority Action: Negotiate DPA and data residency terms before signing

Enterprise Verdict

! Conditional Approval
Risk: Medium 50 sources
The adoption recommendation is 'conditional_proceed' primarily due to critical transparency gaps in AI training data policies and the absence of a public Service Level Agreement. For a more favorable 'proceed' verdict, Atlassian must provide explicit contractual terms for AI training data opt-out, clear IP ownership of user-generated content, and a publicly available, comprehensive SLA.
Priority Action

Negotiate DPA and data residency terms before signing

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

Critical Data Privacy Community Data

The vendor's public documentation does not explicitly state whether customer data is excluded from AI model training, posing a high data privacy risk. This must be treated as implicit consent unless a written opt-out DPA is provided.

High Compliance Posture Community Data

Opaque data retention policies create a compliance gap for GDPR/CCPA-regulated entities, as specific data deletion timelines are not publicly committed. A written DPA with a specific retention schedule is required.

Critical Reliability Community Data

SLA terms are not publicly disclosed. Uptime commitments require direct vendor contract negotiation, which is a HIGH RISK signal for enterprise procurement teams. Absence of a public SLA page means no recourse for downtime without a signed MSA.

High Vendor Lock-in Community Data

Low public enterprise integration score indicates limited documented enterprise controls. Verify SSO, audit logging, and data export capabilities before procurement. The deep integration with the Atlassian ecosystem also contributes to potential lock-in.

Critical AI Transparency Community Data

AI training data policy is not explicitly disclosed, and IP ownership of AI-generated outputs is unclear. This lack of transparency is a critical concern for enterprises using AI features with proprietary data.

Medium Cost Predictability Community Data

Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.

Medium Support Quality Community Data

Insufficient public community reviews to verify support quality. Standard support channels (email/documentation) are assumed.

Verified: Confirmed by vendor documentation
Community: Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 56+ community data points

No critical or high-severity alerts this week

Our analysis found no items requiring immediate due diligence action for this reporting period. This does not mean zero risk — check the Risk Assessment section above for the full seven-category breakdown.

03 Security & Compliance

Security & Compliance

SOC 2 ✓ Certified
ISO 27001 ✓ Certified
GDPR ✓ DPA
HIPAA ✕ Not found

Data Security

Data Residency: US, EU
Encryption (At Rest): AES-256
Encryption (In Transit): TLS 1.3

Security Features

SSO SAML, OAuth
MFA TOTP
Vulnerability Disclosure

IT Hardening Guide

Deployment Checklist

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Available

A Data Processing Addendum (DPA) is publicly available. It supplements the Atlassian Customer Agreement and outlines roles of parties (Controller/Processor), scope of processing, and data transfer provisions including Standard Contractual Clauses (SCCs). However, it does not explicitly detail AI training data opt-out or specific data retention periods.

🌐 Data Residency Customer-Controlled
Default: US
US, EU

Atlassian offers data residency options, allowing customers to specify data storage locations in the US or EU. This helps address GDPR and other regional compliance requirements. However, the default region is US, and specific details on cross-border transfer mechanisms beyond SCCs are not fully elaborated in public documentation.

⚠️ Contract Risk High Lock-in (75/100)
Auto-renewal: Yes ⚠
Unilateral change right: Yes ⚠
Data export on exit: No ⚠
Notice: 30 days
⚠ 5 contract risk flags:
⚠ Unilateral ToS changes without explicit customer consent for paid subscriptions during term.
⚠ Vendor right to use submitted content for service improvement without explicit opt-out for AI training.
⚠ Broad restrictions on competitive use and reverse engineering.
⚠ No explicit data portability guarantee on exit.
⚠ Customer is responsible for user compliance and third-party product usage.

The contract risk for Confluence is high due to several clauses in the Atlassian Customer Agreement. These include unilateral modification rights, automatic renewal, and a lack of explicit data portability guarantees upon termination. The most significant area warranting further due diligence is the undisclosed policy on AI training data, which could lead to vendor lock-in and data privacy issues. Procurement teams must negotiate a custom DPA and MSA to mitigate these risks.

04 Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

Add confluence-based forex & futures pick strategies 🟠 Community 6 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 6 comments.

Sources: GitHub

Remove create_schedule task and related Confluence page helpers 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub

fix: WEB-2806 migrate Confluence media URLs off deprecated download e… 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub

Round 11B-Detection L8: §6.3.4 confluence engine + §2.3 threshold + regime stub 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

Analysis Pending

Community signals collected this week. Analysis and synthesis will be available in the next report update.

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing data from public sources — enterprise rates differ. Verify with vendor.

TCO Calculator

Pricing Not Available

Enterprise pricing information could not be obtained for this vendor. This may be due to custom/private pricing models or limited publicly available data.

Independent analysis: signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor.