Trust, data and security | Snapshots Documentation

This page covers where Snapshots stores data, what infrastructure Snapshots itself uses, and the boundaries of what's involved when you give Snapshots access to your Jira and Confluence.

It's intended for procurement, security, and compliance reviewers as much as for administrators. If you're evaluating Snapshots and need to attach answers to a vendor review, this is the right page to start from.

Where snapshot data is stored

The Jira data captured in a snapshot — the actual values shown in the table on a Confluence page — lives entirely inside Confluence, on Atlassian's infrastructure. Each snapshot is stored as a JSON attachment on the Confluence page that hosts the snapshot.

In practical terms:

Backing up the Confluence page or space backs up the snapshot data.
Data residency for snapshot data is the same as for the rest of your Confluence content. If your Confluence site is in the EU, your snapshot data is in the EU.
Atlassian's own data protection, encryption, and access controls apply to snapshot data the same way they apply to any other Confluence content.

For more on the data model, see How snapshots work — Where snapshot data is stored.

What metadata Snapshots itself stores

Some Snapshots metadata — the registry of macros and pages, snapshot version history, sticker assignments, automation API keys, retrieval task history — is held in Snapshots' own infrastructure, not on Confluence. This metadata is what makes the diff/compare view, sticker navigation, and automation features work.

This metadata is hosted on Google Cloud Platform in Frankfurt, Germany. It is always stored in this single region, regardless of the data residency of your Atlassian site. If your Atlassian site is in another region (United States, Australia, EU outside Germany, and so on), your Confluence content — including the actual Jira data captured in snapshots, which lives as JSON attachments on the page — stays in that region per Atlassian's residency model. The metadata Snapshots itself stores does not.

It does not include the actual Jira data shown in snapshots. That stays on Confluence, as described above.

For backup and migration of this metadata, see Backing up and restoring snapshots.

What Snapshots reads from Jira

When a snapshot is taken, Snapshots issues read-only queries to Jira through the Access Agent companion app. Access Agent is installed on the Jira side and granted the standard Atlassian Connect read scopes. The user account that authenticates the connection determines which Jira data is visible to Snapshots — Snapshots cannot see Jira data the connecting user can't see.

Snapshots does not write to Jira. It does not modify issues, comments, transitions, or any other Jira data.

For the install and connection steps, see Installing Snapshots and Access Agent.

Permissions inside Confluence

Snapshot data is rendered to anyone with view access to the Confluence page hosting the snapshot. That's a deliberate property — see How snapshots work — Who can see a snapshot and Permissions for snapshots.

A page viewer without a Jira license can still see the snapshot. A page viewer without view access to the page cannot see it. Page-edit access controls who can take a new snapshot. An administrator can grant take-snapshot to specific groups without granting page-edit access; see Permissions for snapshots for the override.

Backup, recovery, and migration

Snapshots metadata can be backed up manually or automatically via API. Backups can be restored to the same Atlassian site or a different one, supporting both Cloud-to-Cloud and Data-Center-to-Cloud migrations.

See Backing up and restoring snapshots for the procedure.

Disabling Snapshots in spaces with sensitive content

If a Confluence space hosts content that should not show snapshot data — for example, a space shared with external audiences — a space admin can switch Snapshots off for that space; page viewers see a placeholder rather than the snapshot.

A caveat: switching Snapshots off does not delete the underlying snapshot data. The JSON attachments remain on the affected pages. If the data must not exist on those pages at all, remove the pages or attachments separately. See Disabling Snapshots for a space.

Reporting a security concern

If you believe you've discovered a security vulnerability in Snapshots or Access Agent, please report it directly to support@radbee.com with the subject line beginning Security:. We treat security reports as high priority and respond within one business day.

What's next

How snapshots work — the data model that informs everything on this page.
Backing up and restoring snapshots — backup procedures and migration support.
Permissions for snapshots — the access model in detail.
Disabling Snapshots for a space — managing snapshot visibility per space.