Parent Company
Atlassian Corporation (Delaware, US)
CLOUD Act Status
✗ Exposed
Canadian Data Residency
✗ Not Available
Encryption
✗ Vendor-Managed Only
TIA / PIA Required
Yes — Law 25 & POPA
Sibling Product
Jira has CDN residency →

Is Trello CLOUD Act exposed for Canadian organizations?

Yes — and Trello has a sovereignty story that surprises many organizations. Trello is owned by Atlassian Corporation, the same parent company that owns Jira and Confluence. Atlassian is incorporated in Delaware and fully subject to the CLOUD Act. But here's the critical difference: while Jira and Confluence offer Canadian data residency across 11 regions on all paid plans, Trello offers no data residency at all.

This is because Trello runs on a separate infrastructure platform. Jira and Confluence run on Atlassian's "Micros" platform — a modern architecture built with data residency support. Trello runs on a legacy "non-Micros" platform that predates Atlassian's data residency infrastructure. Atlassian has not yet migrated Trello to the Micros platform or extended data residency capabilities to it.

The practical consequence: all Trello board data, card data, attachments, comments, and user content is stored exclusively in the United States on AWS. There is no option to pin data to Canada, the EU, or any other region. There is no customer-managed encryption. For sovereignty purposes, Trello is one of the weakest tools in the Atlassian suite.

This creates an important planning consideration: if you're using both Trello and Jira, your Jira data may be pinned to Canada while your Trello data is stuck in the US. Document this discrepancy in your compliance records.

Regulatory Analysis

CLOUD Act exposure

Atlassian Corporation redomiciled to the United States in October 2022, incorporating in Delaware. All Atlassian products — including Trello — are fully within CLOUD Act scope. Since Atlassian manages all encryption keys for Trello, data can be produced in readable form under a valid US court order.

🍁
Your Canadian Data
Boards, cards, comments
under PIPEDA / Law 25
🏢
Atlassian Corporation
Delaware, USA (since 2022)
US-only hosting for Trello
⚖️
US Legal Process
CLOUD Act · Subpoena
Full data access

The Atlassian discrepancy

This is one of the most important findings for organizations using multiple Atlassian products. Your Jira data can be pinned to Canada. Your Confluence data can be pinned to Canada. Your Trello data cannot. If you're using Trello alongside Jira for lighter project management, task tracking, or team coordination, your Trello data creates a sovereignty gap that undermines the controls you've configured for your other Atlassian products.

Quebec Law 25

Quebec organizations using Trello must complete a Transfer Impact Assessment. Trello boards frequently contain personal information — employee names in card assignments, client details in card descriptions, project timelines with team member information. Penalties for non-compliance can reach $25 million or 4% of worldwide turnover. Upper Harbour provides compliance-ready TIA documentation starting at $99.

Alberta POPA

Alberta public bodies using Trello must complete a PIA. Section G must document Atlassian's US incorporation and CLOUD Act status. Section H2 must note that unlike Jira, Trello has no data residency controls. The PIA Research Tool generates these answers automatically.

BC FIPPA

BC public bodies using Trello must complete a Privacy Impact Assessment. No data residency means maximum jurisdictional and residency risk. Full FIPPA SaaS compliance guide →

Trello is one of 753 tools in the Upper Harbour Sovereignty Index. If you're using Trello alongside Jira, you may have a sovereignty gap — your Jira data in Canada while your Trello data is stuck in the US. Map your full Atlassian deployment to identify these discrepancies.

Map your entire SaaS stack to parent jurisdictions and CLOUD Act exposure in 10 minutes.
Map Your Stack →

Alternatives & Comparison

Trello is significantly weaker than other Atlassian products for sovereignty:

ToolOwnershipCLOUD ActCDN ResidencyCustomer Keys
TrelloUS (Atlassian)ExposedNoNo
JiraUS (Atlassian)ExposedAvailable (11 regions)CMK add-on
ConfluenceUS (Atlassian)ExposedAvailable (11 regions)CMK add-on
Monday.comIsraelIndirectUS/EU/AU onlyBYOK (Guardian)
AsanaUSExposedNo (Ent+ only)EKM (Ent+ only)

Based on Upper Harbour Sovereignty Index data. March 2026.

Recommendation: Migrate Trello workloads to Jira — same parent company, same ecosystem, but with Canadian data residency and CMK encryption. Atlassian provides migration tools for Trello-to-Jira transitions.

💬 Questions about Trello and Canadian compliance?

We help organizations assess jurisdictional risk across their SaaS stack. Book a call or send us a message.

Book a Call → Email Us →

Technical Architecture

Data storage

All Trello data is stored in the United States on AWS EC2. No data residency options are available on any plan tier. This includes boards, cards, comments, attachments, checklists, and user content. Backups are stored in S3, also in US regions.

Trello runs on Atlassian's "non-Micros" platform — separate infrastructure from the "Micros" platform hosting Jira, Confluence, and JSM. The Micros platform supports data residency; the non-Micros platform does not. No migration timeline has been announced.

Encryption

Trello encrypts data in transit (TLS) and at rest. No customer-managed encryption (CMK/BYOK) is available. All encryption keys are managed by Atlassian. Compare with Jira and Confluence, which offer CMK encryption as a paid add-on.

What Trello stores

Trello boards typically contain: task descriptions, team member assignments (names, sometimes emails), due dates, checklists, comments with detailed discussions, file attachments, and Power-Up data from third-party integrations. For organizations using Trello for project management, onboarding, or team coordination, this frequently includes personal information.

No self-hosting option

Unlike Jira (which has Enterprise Server for self-hosting), Trello is cloud-only. There is no on-premises or self-hosted version.

Mitigation Options

Trello offers the fewest sovereignty controls in the Atlassian suite:

  • Migrate to Jira (recommended): For workloads requiring sovereignty compliance, migrate to Jira. Same parent company, same ecosystem, but with Canadian data residency and CMK encryption.
  • Data minimization: Restrict personal information in Trello. Use employee IDs instead of names where possible. Avoid storing client PII or confidential details in card descriptions.
  • Use Trello for non-sensitive work only: Restrict Trello to non-sensitive task management. Use Jira for workloads involving personal information or confidential data.
  • Execute the DPA: Atlassian's DPA applies to all products — but data residency commitments only cover Jira/Confluence/JSM, not Trello.

Bottom line: Trello is the sovereignty gap in the Atlassian suite. If you've configured Canadian data residency for Jira and Confluence but still use Trello, your compliance posture has a hole. Migrate Trello workloads to Jira to close it.

Frequently Asked Questions

Does Trello offer data residency?

No. Unlike Jira and Confluence (which offer Canadian data residency on all paid plans across 11 regions), Trello does not support data residency. All data is stored in the US with no option to choose a different region.

Is Trello subject to the US CLOUD Act?

Yes. Trello is owned by Atlassian Corporation, incorporated in Delaware since October 2022. All data is subject to US legal process under the CLOUD Act.

Why does Jira have Canadian data residency but Trello doesn't?

Jira runs on Atlassian's "Micros" platform built with data residency support. Trello runs on a separate "non-Micros" legacy platform. Atlassian has not yet extended data residency to Trello and has not announced a timeline.

Should I migrate from Trello to Jira for sovereignty?

If sovereignty compliance matters, yes. Jira offers Canadian data residency on all paid plans and CMK encryption. Trello offers neither. Atlassian provides migration tools for Trello-to-Jira transitions.

Do I need a TIA for Trello under Law 25?

Yes. Trello data is stored in the US with no data residency options. A TIA is required for any Quebec organization processing personal information through Trello boards and cards.

Methodology: This assessment is based on Trello's corporate filings (via Atlassian SEC filings), vendor documentation, published DPA terms, and the Upper Harbour classification methodology. Data verified March 2026. Updated quarterly. Part of the Canadian Technology Sovereignty Index.