Is the Atlassian Rovo app safe to use? A 2025 security deep dive

Enterprise AI tools like Atlassian Rovo are popping up everywhere, promising to make our work lives easier. But let’s be real, letting an AI rummage through your company’s data brings up some serious questions about security and privacy. You’re giving it access to your company’s collective brain, so it’s only smart to ask: is it actually safe?

First, let’s clear up a common mix-up. If you search for "Rovo app," you might see tools for tracking car maintenance or finding a tennis partner. This guide isn’t about those. We’re talking specifically about Atlassian Rovo, the AI assistant that’s built into the Atlassian products you likely already use, like Jira Service Management and Confluence.

In this article, we’ll give you a straightforward, no-fluff breakdown of Rovo’s security, how it handles your data, and what compliance standards it meets. Our goal is to give you the facts you need to answer the big question: Is the Rovo app safe to use?

What is Atlassian Rovo?

Think of Atlassian Rovo as an AI-powered teammate that lives right inside your Atlassian ecosystem. It’s built to help your team find information, whip up content, and automate tasks without having to jump between a dozen different apps.

It’s made up of three main parts:

1. Rovo Search: This is a unified search bar that can pull information from all your Atlassian products and even connect to third-party apps like Google Drive or Slack.

2. Rovo Chat: A conversational AI you can talk to. Ask it for a quick summary of a project, brainstorm ideas, or get answers based on your company’s internal documents.

3. Rovo Agents: These are customizable AI bots you can build to take care of repetitive work, like flagging incomplete Jira tickets or drafting a weekly update.

All of this runs on a system Atlassian calls "Atlassian Intelligence" and a "Teamwork Graph," which basically helps the AI understand how your projects, people, and documents are all connected.

Key security and privacy features of Atlassian Rovo

Alright, this is the part that really matters. When you give an AI tool the keys to your data, you need to know exactly what it’s doing with them. Here’s how Rovo handles security and privacy.

How Rovo handles your data and uses LLMs

Rovo uses a variety of large language models (LLMs) to do its work, tapping into models from OpenAI (the GPT family), Anthropic (Claude), and Google (Gemini), along with some of Atlassian’s own.

The burning question is always, "Is my data being used to train these AI models?" Atlassian’s answer is a firm no. They state that your data is never used to train these general-purpose models. When you send a prompt, it’s processed in-memory and then discarded. Atlassian even has a zero-day retention policy for this data, which means it’s not being stored anywhere long-term.

Permission management and who sees what

One of Rovo’s most important security features is that it respects all your existing user permissions. Whatever access levels you’ve set in Confluence, Jira, or Google Drive are automatically applied to Rovo.

What this means in practice is that a user can only get answers from content they already have permission to see. If an intern isn’t supposed to view the confidential "Project Phoenix" folder in Google Docs, Rovo won’t pull information from it for that intern. This is a huge deal for preventing accidental data leaks.

This is a great baseline, but for some teams, especially in customer support, you might need even tighter control. For example, a dedicated AI support tool like eesel AI lets you set very specific rules that might limit the AI to answering only certain types of questions or handling specific ticket categories. This gives managers fine-grained control over what gets automated.

Admin controls and data governance

Atlassian gives administrators a few key tools to manage how Rovo interacts with company data.

• Blocklists: If there are specific folders in SharePoint or Google Drive you want to keep off-limits, admins can create blocklists to stop Rovo from indexing that content.

• Audit Logs: Every action in Rovo, from an admin changing a setting to a user asking a question, is tracked in the Atlassian audit log. This gives you a clear paper trail of how the tool is being used.

• Data Residency: Rovo supports data residency, so you can choose to "pin" your data to a specific location, like the EU or the US. This is really important for companies that have to follow local data protection laws.

Certifications and compliance

Rovo is built on the Atlassian Cloud platform, which means it inherits all its compliance standards. The big ones are SOC 2 and ISO 27001. It also supports GDPR requirements.

But here’s a major limitation you need to know about: Atlassian Rovo is not HIPAA compliant. If your organization deals with protected health information (PHI), Rovo is off the table. You’ll need to find a solution that offers a Business Associate Agreement (BAA).

Rovo in practice: Strengths and weaknesses

Okay, the technical specs are great, but what does this security look like day-to-day? Let’s walk through a couple of common scenarios to see where Rovo shines and where a more specialized tool might be a better fit.

Unifying knowledge with Rovo Search

Imagine a project manager needs a quick update. They can just ask Rovo Search, "What’s the latest on the Q4 marketing campaign?" The AI can then scan a Confluence page for the project plan, a Jira epic for ticket status, and a Slack channel for recent chats to pull together a complete summary.

That’s super helpful for finding information. But for a support team, the goal is to resolve customer issues. A platform like eesel AI is built for action. It doesn’t just search your knowledge base; it learns how your best agents solve problems by analyzing thousands of your past tickets. It then uses that knowledge to draft replies and even close tickets on its own, freeing up your team for more complicated issues.

Automating tasks with Rovo Agents

You could set up a Rovo Agent to automatically screen new bug reports in Jira. If a report is missing key information, like steps to reproduce the bug, the agent could flag it and comment, asking the user for more details.

The catch is that setting up these agents in Rovo Studio can get pretty technical, fast. For customer support workflows, eesel AI offers a much simpler, self-serve approach. You can connect your helpdesk with a single click and then run a simulation on thousands of your past tickets. This shows you exactly how well the AI will perform and how much you could save before it ever interacts with a customer, so you can roll it out with confidence.

Atlassian Rovo pricing and accessibility

Let’s talk money. For a while, no one was quite sure what Rovo would cost. The good news? It’s now included at no extra cost for customers on Atlassian Cloud Premium and Enterprise plans for products like Jira, Confluence, and Jira Service Management. It’s expected to be available for Standard plans in late 2025 as well.

Now, "included" doesn’t mean it’s a total free-for-all. Usage is measured through "indexed objects" and "AI credits," which depend on your plan. For instance, on a Premium plan for a single product, you get 250 indexed objects and 70 AI credits per user each month. If you have the Enterprise Teamwork Collection, those numbers jump way up to 6,250 objects and 1,500 credits.

Rovo’s bundled pricing is a great deal, but only if you’re already all-in on the Atlassian ecosystem. It effectively keeps you tied to their platform. For businesses that want a top-tier AI solution that can plug into any helpdesk, whether it’s Zendesk, Freshdesk, or Intercom, a platform-agnostic tool makes more sense. eesel AI’s pricing is transparent and predictable, with no hidden fees per resolution. You get a specialized tool with flexible monthly plans you can cancel anytime, so you only pay for what you need.

The verdict: Is Rovo app safe to use?

Back to the original question. Yes, for most businesses, Atlassian Rovo is a secure tool. It’s built on a solid foundation of enterprise-grade security and privacy practices.

It respects user permissions, doesn’t use your data for general model training, gives you strong admin controls, and has major compliance certifications like SOC 2 and ISO 27001. Basically, if your organization already trusts Atlassian with its data, extending that trust to Rovo is a reasonable step.

The one major exception, and it’s a big one, is its lack of HIPAA compliance. This makes it a non-starter for any company in the healthcare space or anyone handling protected health information.

Unlock powerful, secure AI for your support team

Rovo is a safe and solid general-purpose AI assistant. But if your team needs a high-performance solution specifically for customer support or ITSM, a specialized platform will get you much further.

eesel AI is designed from the ground up to solve the real-world problems that support teams face every day. It offers a better approach by focusing on what actually matters:

• Get started in minutes, not months: eesel AI is truly self-serve with one-click integrations. You can forget about long onboarding calls and complicated setups and get up and running on your own time.

• Roll it out with total confidence: Our simulation mode lets you test the AI on thousands of your past tickets. You’ll see exactly how it will perform and what your ROI will be before it ever talks to a customer.

• Unify all your knowledge for real results: eesel AI doesn’t just find information. It learns how to resolve issues by analyzing your past tickets, help centers, Confluence docs, and more to provide resolutions that are actually helpful.

Ready to see what a dedicated AI support platform can do for you? Start your free trial of eesel AI or book a quick demo to learn more.