The Jira Server for Microsoft Teams consists of two solutions:

•  An Azure web application that works in conjunction with Jira Server app (add-on) and provides two-way communication, thus you can expect traffic to be coming from the Azure app and to be sent to it from Jira. The traffic for this would be sent to and from both Jira and the remote end points :
  https://jira-server.msteams-atlassian.com - End point used for the application link creation

           https://msteams-jira-server.service.signalr.net - Azure WebAPI Service that will handle the application communications.

•  and serverless Azure Function that serves Connector (one-way), this will be receiving traffic from the Jira Server App to that serveless Azure function (One way only):

           – https://connectors.msteams-atlassian.com/

GDPR: What Data is Collected and Stored

We are collecting and storing:

•  OAuth tokens to ensure applications interconnectivity and user authorization and mapping between Jira and Microsoft Teams.

• Jira configuration (Jira url).

We don’t collect, process or store any personal information, including user name, name and email addresses.    

We do not store IP addresses. We identify location based on IP address, IP address is transmitted to identify the location but not stored.

We do not store any project or communication specific data from Jira, Bitbucket or Microsoft Teams.

GDPR: How is the data protected in transit?

For obtaining and sending Jira data we leverage Jira Server APIs and webhooks over HTTPS. 

For authorization, we leverage OAuth 1.0a - https://developer.atlassian.com/server/jira/platform/oauth/. User access tokens are stored in Jira Server Active Objects - internal table of Jira database on-premises on customer instances. We don't have any access to it.

For the means of security we don't store and pass any telemetry from Jira Server side, the only way we can access it is after Jira admin explicitly turns on debug loggers and sends us atlassian-jira.log.