See https://support.esign-app.com for eSign Documentation and Support

Data Residency and Access Transparency Policy

All persistent eSign data (e.g. Signatures) resides ONLY within each Customer’s host Jira instance (e.g. https://<customername>.atlassian.net). See the following Atlassian support article on data residency for host Jira instances (https://support.atlassian.com/security-and-access-policies/docs/understand-data-residency-and-realms/).

In operation, eSign requires temporary access to Jira Host instance data to implement electronic signature functionality. This information is retrieved via the Atlassian Jira API (encrypted in transit) and used temporarily by eSign during signature processing; it is not permanently stored.

The eSign processing servers are hosted securely by AWS. See https://aws.amazon.com/compliance/iso-certified/ for more information on AWS security compliance and accreditation.

The following table identifies the Jira data that is accessed temporarily by the eSign servers and why each is necessary.

| Jira API | Fields Accessed (Not Stored) | Purpose |
| --- | --- | --- |
| Jira Configuration | Project name, enabled Issue Types, defined User Fields and allowed Issue States | eSign workflow controls allow restricting Signatures to User Fields. The list of defined User Fields is retrieved for eSign Configuration (e.g. Reporter, Assignee, Custom). eSign allows restricting Signature function by Issue State (e.g. Open/In Progress). Project display name and issue types are displayed on the Verification Report. |
| Issue Data | Project, Issue Status, User Fields (subset) | Issue Status is required to enforce workflow status restrictions configured at the project level. The contents of User Fields configured in eSign as restricted User Fields are accessed to determine if the current user is permitted to execute a signature on that issue. |
| Issue Data | Issue Type, Summary, Description, Attachments | Signature verification requires a cryptographic link to the contents of the issue. The Issue Summary, Description and Attachment (metadata) are hashed into a checksum that is stored with each executed signature. This checksum is used during signature verification to detect if issue contents or attachments were changed after signing. Image attachments embedded in the description or other rich text fields are read to include in the PDF Archive report. |
| User Data | Display Name, Time zone and Locale, E-mail Address | The user name, time zone and locale are retrieved to populate the signee name and local date/time for the electronic signature. E-mail address is used only to send transactional notification email (e.g. Signature Pin Reset). |

Data Processing Locations

eSign for Jira has multiple data processing locations. Customers have the option to “Pin” their eSign app location to one of the following locations via Atlassian Security administration. Once pinned, the eSign server(s) in that location will perform all signature processing for that cloud site.

Note that eSign does not permanently store any end-user data outside of the Atlassian cloud. Processing “closer” to the cloud site can provide the following benefits.

  1. For customers with regional compliance requirements, pinning the location to within a specific region ensures that signature data processing occurs within that region.

  2. Customers with Atlassian cloud sites located closer to the EU will notice faster response time when working with eSign as compared to the US hosted location.

See the Atlassian article "Data Residency: Manage Where Your Data is Hosted" for more information on Data Residency. Pinning apps is available within admin.atlassian.com.

| Location | eSign Hosted Region (AWS) |
| --- | --- |
| Default | US (East) |
| European Union | Europe (Frankfurt) |
| Germany | Europe (Frankfurt) |
| USA | US (East) |