Hi Atlassian,
We need to talk about data persistency in Forge Storage. Like, have a good talk. A real talk. A talk that will help both you and the Atlassian Marketplace Partners to continue our journey on making Forge the best platform to develop apps.
Because you are doing something really weird with Forge Storage, something that is really not in line with Forge being a FaaS platform.
Here is the thing: for better or for worse, Atlassian Marketplace partners are independent companies. You designed it that way. You also create a legal framework in which you persistently claim that we have a one-on-one relationship with our customers who buy our apps.
Atlassian is just acting as a reseller, offering a shop window (Marketplace) and payment handling. But once the customer installs the app, they enter into an agreement between themselves and the Atlassian Marketplace Partner. Apart from any licensing & billing issues, Atlassian does not accept any responsibility of what happens with regard to that relationship.
As a Marketplace Partner, this gives us a lot of freedom. Freedom to operate the way we want, to choose whichever technology stack we prefer. You even gave us the tools to do so: Atlassian Connect and Atlassian P2 are both frameworks that allow us to create the apps the way we see fit (with P2 apps having the sole requirement that they are compatible with the Java version and database engine on which the host application runs).
For Atlassian Cloud, this means that we can choose whatever hosting provider we want. We can use a $5 VPS or Digital Ocean droplet. We can go all in on Kubernetes. We can use FaaS/Serverless solutions like AWS Lambda, Firebase, Cloudflare workers or Vercel.
You don't dictate any of that because this is our choice, and it is something we have to communicate with our customers.
Now with Forge, you've created a nice in-between solution: it is a FaaS like any other, but operated by Atlassian. This is truly a unique selling point (apart from the fact that it is still free). Running our application code as close to the Atlassian host product as possible, enabling the ability to keep data contained to Atlassian systems is truly a huge leap forward with regard to improving the security posture of our apps.
But… (there is always a but)
You seem to forget that from the "legal" perspective, Forge is just any other provider. It is similar to AWS, Firebase, Cloudflare, etc. It is a FaaS offering a service, and we, as Marketplace Partners are your customers.
We are running our business on your platform, to fulfil our contractual obligations to our customers. Our customers ask us to operate our app, handle their data and store it.
This is not your data. It is the data provided to us by customers, as a result of a legal agreement between the customer and the Atlassian Marketplace partner. And we, as a Marketplace Partner, enter into a separate 3rd party agreement with you, Atlassian, to host that data for us, similar to how we enter into agreements with other providers like AWS, GCP or Cloudflare.
The fact that you make decisions on how to deal with this data in Forge Storage is giving really icky vibes that show that you do not fully understand this very important legal fact.
It already started with the fact that Atlassian coupled data residency of Forge Storage with data residency of the host product. Without any notification to the Atlassian Marketplace Partner, Atlassian moves data from one region to the other. This is really disturbing, because if you fuck up, WE are responsible. How can we be legally responsible for an action that you take without our explicit approval or explicitly requested by us?
But it becomes an even bigger problem when you read this:
Following an investigation, we have identified that:
- There is no data loss.
- A change was made as a part of the Forge data residency rollout, where data is now bound to the installation identifier instead of the app and site.
- There was a gap in our communication with partners around this specific change.
- The existing behaviour for app uninstallation, where data persisted between installations, did not match what the user interface told administrators. I.e. "Uninstalling will permanently remove this version of the app from ".
- The new behaviour of not persisting data between installations is in line with the intended experience.
As a result of the investigation, our next steps are that:
- We will define and include new documentation on the Forge app installation lifecycle to clarify the expected behaviour and communicate this with partners.
- We will explore options for restoration of data from previous installations directly in the admin user experience.
- We will enable support to re-link data from previous installations as a part of the ECOHELP process within 14 days from app uninstallation.
(Atlassian Developer Status - Forge Storage data inaccessible after re-install of app)
This is really problematic.
You have decided that you can dictate when it is appropriate to delete Forge Storage data on behalf of the Atlassian Marketplace Partner.
By doing so, you are directly interfering with the legal agreement between the customer and the Atlassian Marketplace Partner, but without taking any of the legal responsibility for data loss.
Data retention is not your responsibility. It is the responsibility of the Atlassian Marketplace Partner. Imagine having AWS deleting RDS database data or GCP emptying a Firestore database without prior notification!
You do not get the angry customer, we do. You will not be held liable, we are.
The sole purpose of Forge Storage is to solve the problem of data egress. By adding opinions about data residency and data retention, Atlassian is injecting itself into a legal relationship which it so carefully tried to avoid.
I'm really asking you to reconsider your attitude towards Forge Storage and ask yourself the hard question to determine what role you are playing here, for the legal ramifications of your current course of action make it very dangerous for businesses to take on the risk Forge Storage imposes on their operations. I for one will not be able to justify using Forge Storage from a corporate risk management perspective, as I do not wish to be legally responsible for whatever whim Atlassian operates on.
CC: @tpettersen