Our app only sends data to Confluence, only the data necessary to invoke and then poll their REST API for copying hierarchies of pages. Their copy API requires page titles and some preference flags for things like the choice of copying page properties. Our app polls the API after it is invoked to check the status of the request. Our app does not store this data or send this data anywhere else. The shared secret used to identify your deployment is securely stored in our DB and that is the kind of thing reviewed by us and Atlassian as part of the security certification.
What data we store (and where) is a subtopic of the question “whether or not our data will leave our Atlassian org if we do use Copy Space” in order to copy a space, we do read and write some data ephemerally over the wire to achieve the copy — particularly the space configuration. This includes permissions and templates, for example, we do not store any of that information, but it does pass through our app
We do not store any of the data required to copy a space, we only store the registration data as our security page states
In copy space, we do not handle any of the page content in the space being copied. The titles and other metadata for any root pages in the space will flow through our system.
We store a small amount of registration information when the app is installed: a shared secret to verify that requests made by Atlassian to our app are valid and to sign our app's requests back to Atlassian. The registration data also includes a small amount of metadata about your instance including the site URL and the app license SEN. We store the data in Heroku and the Heroku database region is "US".
Diagram of the data flow in Connect Apps