Trello Review: From a pioneer of Kanban to a platform of “paywalled” productivity in 2026
Why it matters:
- Atlassian imposed strict limits on free Trello workspaces in April 2024, restricting collaborators and functionality.
- Trello currently offers four pricing tiers, ranging from Free to Enterprise, with varying features and costs.
Atlassian acquired Trello in January 2017 for $425 million. The transaction included $360 million in cash and $65 million in stock and options. At the time of the sale, Trello reported 19 million registered users. Atlassian maintained the freemium model initially but gradually shifted focus toward enterprise monetization. The parent company integrated Trello with its existing suite of tools like Jira and Confluence. This integration strategy drove users toward paid Atlassian Access subscriptions for security features like single sign-on. Atlassian retained Trello CEO Michael Pryor and kept the brand intact while funneling engineering resources into the core product. This Trello Review was originally published on our controlling outlet and is part of the Media Network of 2500+ investigative news outlets owned by Ekalavya Hansaj.
What exact limits did Atlassian impose on free workspaces in April 2024?
Atlassian executed a major contraction of free tier benefits in the spring of 2024. On April 8, 2024, the company enforced a strict 10 collaborator cap on all free Trello workspaces. Workspaces exceeding this limit lost the ability to add new members. On May 20, 2024, Atlassian converted any free workspace remaining above the 10 user threshold into a read-only state. Users in these restricted workspaces could view boards but could not edit cards or move tasks unless the workspace administrator upgraded to a paid plan or removed excess users.
What pricing tiers exist for Trello users today?
Trello operates on four distinct pricing tiers. The Free plan costs $0 but restricts teams to 10 collaborators and 10 boards per workspace. The Standard plan costs $5 per user per month when billed annually. The Premium plan costs $10 per user per month and adds advanced timeline views and dashboard reporting. The Enterprise plan costs $17.50 per user per month for organizations needing centralized administration and advanced security controls.
Trello Pricing and Storage Limits (2024 to 2026)
| Tier | Monthly Cost (Annual Billing) | User Limit | File Storage Limit |
|---|---|---|---|
| Free | $0.00 | 10 Users | 10 MB |
| Standard | $5.00 | Unlimited | 250 MB |
| Premium | $10.00 | Unlimited | 250 MB |
| Enterprise | $17.50 | Unlimited | 250 MB |
How did the January 2024 data scrape expose 15 million Trello users?
On January 16, 2024, a threat actor known as “emo” published the account details of 15 million Trello users on a popular hacking forum. The attacker exploited an unsecured Trello REST API endpoint that allowed unauthenticated queries. The hacker fed 500 million email addresses from previous external data breaches into the Trello API. The system returned the public profile data associated with any matching email address. This method allowed the attacker to link private email addresses to public Trello full names and usernames. The exposed data created immediate phishing risks for affected individuals. Atlassian confirmed the breach and subsequently modified the API to require authentication for public profile queries. The company also advised users to enable two factor authentication to secure their accounts.
What were the exact metrics of the Atlassian acquisition?
Atlassian acquired Trello on January 9, 2017. The final purchase price was 425 million dollars. The transaction included 360 million dollars in cash and 65 million dollars in restricted shares and options. Trello held 19 million registered users at the time of the sale.
Atlassian executives justified the high valuation based on user acquisition rather than immediate revenue generation. Trello generated minimal income prior to the sale. Atlassian projected Trello to contribute just 4 million dollars in revenue during the 2017 fiscal year. The transaction diluted Atlassian earnings per share for both the 2017 and 2018 fiscal years. The immediate financial return was negligible, yet the user base expansion was massive. Trello recorded 1.1 million daily active users and 14 million total signups by May 2016.
The acquisition immediately altered the customer metrics for Atlassian. During the third quarter of fiscal year 2017, Atlassian added 16,194 new customers. The Trello buyout accounted for 12,789 of those new paying accounts. This single transaction expanded the Atlassian footprint beyond software developers and IT departments into general business operations, marketing, and human resources.
Atlassian immediately integrated Trello with its existing product lineup. The company launched native integrations for Jira Software, Confluence, and Bitbucket within weeks of the acquisition. These connections allowed software development teams to link Jira project tracking tickets directly to Trello cards. This cross platform functionality bridged the gap between highly technical engineering teams and non technical corporate departments. The integration strategy turned Trello into a central hub for cross departmental communication.
Trello experienced rapid user growth following the Atlassian integration. The platform reached 35 million registered users by March 2019. The user count expanded to 50 million by October 2019. The application maintained strong web traffic metrics into 2024 and 2025. Trello recorded 76.75 million monthly website visits in January 2025. Weekly web traffic consistently surpassed 16 million visitors during early 2024. This traffic volume routinely doubled the visitor count of competing platforms like Asana.
Financial reporting for Trello shifted after the acquisition. Atlassian stopped reporting standalone revenue for the application. The parent company bundles Trello revenue into its broader cloud services division. Atlassian reported 3.5 billion dollars in total revenue for fiscal year 2023. Independent financial estimates place standalone Trello annual revenue near 24.6 million dollars for 2024. The application holds an estimated 400,000 paid subscribers among lightweight task management tools.

The user demographic data reveals distinct patterns. Male users account for 56.7 percent of the Trello user base. Users under the age of 35 make up 55.3 percent of the total audience. The largest single age demographic is the 25 to 34 bracket. The United States represents the largest geographic market with over 20,000 corporate deployments. Information technology services and computer software companies represent the largest industry segments using the platform.
Atlassian expanded the technical capabilities of Trello through subsequent acquisitions. The parent company purchased Butler in December 2018. This transaction integrated native automation features directly into Trello boards. The Butler integration allowed users to create rule based triggers without writing code. This addition shifted Trello from a static digital whiteboard into an automated workflow engine.
The table below details the exact financial and user metrics recorded during the 2017 acquisition and the subsequent growth phases.
| Metric Category | Data Point | Recorded Date |
|---|---|---|
| Total Purchase Price | 425 million dollars | January 2017 |
| Cash Component | 360 million dollars | January 2017 |
| Equity Component | 65 million dollars | January 2017 |
| Registered Users | 19 million | January 2017 |
| Daily Active Users | 1.1 million | May 2016 |
| Projected 2017 Revenue | 4 million dollars | January 2017 |
| New Paying Customers Added | 12,789 | February 2017 |
| Registered Users | 35 million | March 2019 |
| Registered Users | 50 million | October 2019 |
| Monthly Web Visits | 76.75 million | January 2025 |
| Estimated Paid Subscribers | 400,000 | January 2024 |
The Atlassian acquisition strategy focused on market penetration over immediate profitability. The 425 million dollar price tag represented a premium valuation for a company generating under 10 million dollars in annual revenue. Atlassian absorbed the short term earnings dilution to secure the 19 million user accounts. The subsequent growth to 50 million users by 2019 validated the user acquisition model. Trello remains a primary entry point for new Atlassian customers today. The platform introduces general business users to the Atlassian ecosystem before cross selling more expensive enterprise tools.
How did the free workspace policy change initially?
Atlassian maintained the unlimited freemium model for several years post acquisition. The first major restriction arrived when Trello capped free workspaces at 10 boards. Users requiring more than 10 boards per workspace were forced to upgrade to paid tiers.
In March 2019, Atlassian announced that free teams, later rebranded as workspaces, could only maintain a maximum of 10 open boards. The policy took effect on May 1, 2019. Prior to this deadline, free teams operated without board limits, allowing entire departments to manage hundreds of projects simultaneously without triggering a paywall. This structural shift represented the first calculated effort to monetize large organizations that relied entirely on the free tier. Workspaces exceeding the 10 board threshold could no longer create new boards unless they upgraded to a paid subscription or permanently deleted existing boards. The change immediately forced heavy users to evaluate their reliance on the platform.
During August 2021, Atlassian executed a complete overhaul of the Trello pricing architecture. The company discontinued Trello Gold, an individual subscription priced at $5 per month or $45 annually. Trello Gold previously allowed single users to access paid features like custom backgrounds, 250MB file attachments, and advanced automation without paying for their entire team. By retiring Gold, Atlassian forced users into a per user billing model, eliminating the ability for a single project manager to subsidize a free team. The company introduced the Standard tier at $5 per user per month and rebranded the Business Class tier as Premium at $10 per user per month. This shift mandated that every user in a workspace required a paid license to access advanced tools.
The 2021 restructuring introduced a mix of concessions and restrictions for free users. Atlassian removed the strict limit of one Power Up per board, granting free workspaces unlimited integrations with third party applications like Slack and Google Drive. Yet, the company locked Custom Fields, previously available as a free Power Up, behind the new Standard tier for all newly created boards. Free users retained access to Custom Fields only on legacy boards where the feature was already active, creating a fragmented experience for teams trying to standardize their data entry across new projects.
The most aggressive policy change occurred in the spring of 2024. On April 8, 2024, Atlassian implemented a strict 10 collaborator limit across all free workspaces. Before this date, companies exploited a billing exception by adding unlimited single board guests to free workspaces. Because single board guests did not count as workspace members, organizations could host dozens of users at no cost by isolating them to specific boards. The 2024 policy closed this exception by counting every workspace member and every guest toward the 10 person maximum. This effectively killed the ability to use Trello as a free client portal or cross department collaboration hub.
Atlassian executed the 2024 collaborator cap in phases to force compliance. Starting April 8, 2024, free workspaces with 10 or more collaborators were immediately blocked from adding new users. By May 20, 2024, workspaces that remained over the limit faced severe operational restrictions, forcing administrators to either delete users or upgrade to the Standard tier. For a team of 15 collaborators, the mandatory upgrade instantly generated a new recurring cost of $75 per month. Administrators who refused to pay found their boards locked, preventing any new task creation or card movement until the user count dropped below the threshold.
Following the collaborator cap, Atlassian stripped direct customer service from the free tier. In June 2024, the company announced that only users with active paid subscriptions could submit support tickets. Free users were permanently redirected to the Atlassian Community forums and public knowledge bases for troubleshooting. This move reduced internal support costs for Atlassian while further degrading the value of the free tier.
By 2025, the free tier received minor feature additions that did not alter the strict usage caps. In May 2025, Atlassian rolled out the Trello Inbox and a view only version of Trello Planner to free users. Yet, the core limitations remained intact. Free workspaces are permanently restricted to the standard Kanban board view. Alternative visualizations, including Timeline, Calendar, Table, and Map views, require a Premium subscription. Automation capabilities on the free tier are strictly capped at 250 command runs per month, pooled across the entire workspace, ensuring that any team relying on automated workflows will quickly hit the ceiling and require an upgrade.
[Chart: Monthly Automation Command Runs by Tier (2026)]
| Date | Policy Change | Impact on Free Workspaces |
|---|---|---|
| May 1, 2019 | 10 Board Limit | Capped free teams at 10 open boards, ending the unlimited board era. |
| August 24, 2021 | Trello Gold Retirement | Eliminated the individual plan, forcing a shift to per user workspace billing. |
| April 8, 2024 | 10 Collaborator Cap | Counted both members and single board guests toward a strict 10 person maximum. |
| June 2024 | Support Ticket Removal | Restricted direct customer support to paid tiers, moving free users to community forums. |
| May 22, 2025 | View Restrictions Maintained | Added Inbox and Planner, but permanently locked Timeline and Calendar views behind Premium. |
What was the serious April 2024 policy shift?
Trello executed a severe reduction of free workspace features on April 8, 2024. The company capped free workspaces at a maximum of 10 collaborators. This limit included workspace members, guests, and pending invitations. Workspaces exceeding this limit were restricted from adding new members.
Atlassian announced the policy change on March 4, 2024, framing the decision as an alignment with the free tier restrictions present across its other software products. The company executed the transition in two distinct phases. The first phase activated on April 8, 2024. On this date, any free workspace containing 10 or more collaborators lost the ability to invite new users. Administrators only possessed the ability to add a new user if they removed existing collaborators to bring the total count below the 10-person threshold.
The definition of a collaborator proved expansive. Trello counted standard workspace members, single-board guests, pending invitations, and deactivated accounts that remained tied to the workspace. Prior to this update, free tier administrators possessed the ability to invite dozens of single-board guests without triggering billing requirements or hitting a hard cap. The April 2024 policy eliminated that allowance. A workspace with two full members and nine single-board guests registered as having 11 collaborators, placing it over the limit. This specific change forced organizations relying on external contractors or client access to fundamentally restructure their project boards.
The second phase of the rollout took effect on May 20, 2024. On this date, Trello applied a strict view-only lock to any free workspace that still exceeded the 10-collaborator maximum. Users inside these locked workspaces retained the ability to view boards, read card descriptions, and download attachments. Yet, the system blocked all edit permissions. Collaborators lost the ability to create new cards, move existing cards across lists, edit text, or delete items. The restriction also disabled all background processes. Any automated rules or scheduled commands configured through the Trello automation engine ceased functioning immediately upon the workspace entering view-only mode. The data remained intact and accessible for export, but the boards became entirely static.
To bypass the restrictions, Atlassian presented administrators with two options: purge users or purchase a subscription. Trello released updated administrative controls in late March 2024, giving free tier managers the ability to identify and remove guests across multiple boards. For teams requiring more than 10 collaborators, Trello required an upgrade to a paid tier. The Standard plan cost $5 per user per month when billed annually, or $6 per month on a monthly billing pattern. A workspace with 15 collaborators transitioning to the Standard tier faced a minimum annual cost of $900. The pricing model applied to every user in the workspace, meaning administrators paid for both internal employees and external guests.
To soften the immediate financial impact, Trello offered a 30-day trial of its premium features starting on April 8. The trial delayed the view-only enforcement for participating workspaces until the trial period expired. Once the trial ended, workspaces that did not finalize a payment method or reduce their headcount immediately reverted to the view-only state. Organizations that chose to downgrade from a paid plan back to the free tier after April 2024 instantly faced the 10-collaborator limit upon the expiration of their billing pattern.
| Date | Policy Action | Impact on Free Workspaces |
|---|---|---|
| March 4, 2024 | Public Announcement | Atlassian published the upcoming 10-collaborator limit for all free Trello workspaces. |
| Late March 2024 | Admin Tools Update | Trello deployed new dashboard controls allowing free tier administrators to remove hidden guests and pending invites. |
| April 8, 2024 | Phase 1: Invitation Freeze | Workspaces with 10 or more collaborators lost the ability to add new members or guests. |
| May 20, 2024 | Phase 2: View-Only Mode | Workspaces with 11 or more collaborators lost all edit permissions and automation capabilities. |
The policy shift forced organizations to audit their Trello configurations. Workspaces created before April 8, 2024, received no grandfathered exemptions from the May 20 view-only enforcement. Every free workspace, regardless of its creation date, faced the exact same 10-collaborator ceiling. The strict enforcement marked a definitive end to the unlimited user model that defined the Trello free tier during its first decade of operation.
What pricing tiers exist for Trello users today?
Trello operates on four distinct pricing tiers. The Free plan allows up to 10 collaborators per workspace and restricts users to 10 boards. Users receive unlimited cards and 250 workspace command runs per month. The Standard plan costs $5 per user per month when billed annually. This tier removes the board limit entirely. It provides advanced checklists, custom fields, and 1,000 automation actions per month. The Premium plan costs $10 per user per month. It introduces multiple project visualization methods. Users gain access to calendar views, timeline views, table views, and map views. The Premium tier includes unlimited automation command runs and advanced administrative controls.
The Enterprise plan caters to large organizations. It requires a minimum of 50 users. This tier includes organization wide permissions, public board management, and free single sign on integration through Atlassian Guard. Administrators can enforce attachment restrictions and manage third party integrations across the entire company.
How does Enterprise pricing scale with user count?
Atlassian structures Trello Enterprise pricing on a tiered model. The per user cost decreases as organizations add more seats. A company with 50 users pays $17.50 per user per month. A company with 1,000 users pays $13.13 per user per month. A company with 2,500 users pays $9.75 per user per month. The maximum discount applies at 5,000 users. At this volume, the cost drops to $7.38 per user per month.
This pricing model creates a specific financial picture for growing companies. A 50 user deployment costs $10,500 annually. A 1,000 user deployment costs $157,560 annually. The tiered model makes the Enterprise tier more cost effective per user than the Premium plan once a company exceeds a specific headcount threshold. Educational institutions and non profit organizations receive a 50 percent discount on the Enterprise plan.
| User Count | Monthly Cost Per User | Annual Total Cost |
|---|---|---|
| 50 Users | $17.50 | $10,500 |
| 1,000 Users | $13.13 | $157,560 |
| 2,500 Users | $9.75 | $292,500 |
| 5,000 Users | $7.38 | $442,800 |
How did the January 2024 data scrape expose 15 million Trello users?
In January 2024, a threat actor known as emo scraped data from 15,115,516 Trello profiles. The attacker exploited an unauthenticated public Application Programming Interface endpoint. This specific endpoint allowed anyone to query Trello accounts using email addresses. The attacker fed a list of 500 million email addresses obtained from previous data breaches into the Trello endpoint. The system returned the public profile data associated with valid accounts.
The exposed data included full names, usernames, and account activity logs. The attacker compiled this information and offered the dataset for sale on a dark web hacking forum. The breach linked private email addresses to public Trello profiles. This connection created a serious privacy problem for users who maintained anonymous public boards. The exposed dataset increased the risk of targeted phishing attacks against Trello account holders.
Atlassian restricted access to the endpoint shortly after the breach became public. The company required authentication for all future profile queries. The engineering team modified the system to prevent unauthenticated users from querying accounts via email addresses. Atlassian stated that the attacker did not breach internal systems. The company classified the event as data scraping rather than a direct system compromise.
What technical vulnerabilities allowed the 2024 API abuse?
The January 2024 data exposure resulted from a Broken Object Level Authorization vulnerability. The Trello Application Programming Interface accepted email addresses as valid identifiers for profile queries. The system processed these requests without requiring an authentication token. The endpoint returned a 404 Not Found error when an email address did not match an active account. It returned a 200 OK status along with profile data when it found a match.
This configuration allowed the attacker to perform a massive enumeration attack. The threat actor used proxy servers to bypass rate limiting protections. The proxy network distributed the queries across thousands of different IP addresses. The Trello security systems failed to detect the coordinated scraping activity. The absence of proper authentication controls on the endpoint directly enabled the data extraction. The system design prioritized ease of sharing boards over data privacy.
What is the verified 2026 pricing structure?
Atlassian enforces four distinct subscription tiers for Trello as of 2026. The billing model relies on a per user monthly fee. Customers receive a discount for annual commitments. The pricing structure dictates exact limits on workspace command runs, file attachments, and administrative controls.
| Plan | Cost Per User Annually | Cost Per User Monthly | Collaborator Limit | Automation Limit |
|---|---|---|---|---|
| Free | $0 | $0 | 10 per workspace | 250 runs per month |
| Standard | $5 per month | $6 per month | Unlimited | 1,000 runs per month |
| Premium | $10 per month | $12.50 per month | Unlimited | Unlimited |
| Enterprise | $17.50 per month | N/A (Annual Only) | Unlimited | Unlimited |
The Free tier restricts users to 10 boards per workspace and caps file attachments at 10 megabytes per file. Workspaces on this tier can execute a maximum of 250 automation commands per month. Atlassian limits Free tier collaboration to 10 users per workspace. This restriction forces growing teams to upgrade or create fragmented, disconnected workspaces. The free version still provides unlimited cards, unlimited Power Ups per board, custom backgrounds, and basic two factor authentication. Users can access the platform via iOS and Android mobile applications.
The Standard plan costs $5 per user per month under an annual billing pattern. The monthly billing option increases the price to $6 per user. This tier removes the board limit and increases the file attachment allowance to 250 megabytes. Workspaces gain access to advanced checklists, custom fields, list colors, and collapsible lists. Automation capacity increases to 1,000 command runs per month. Single board guests do not count toward the paid seat total on this tier. This tier suits small teams needing basic project tracking without advanced visualization tools.
The Premium plan requires $10 per user per month annually or $12.50 per user per month on a monthly schedule. This tier introduces multiple project visualization formats. Users gain access to Timeline, Calendar, Dashboard, Map, and Workspace Table views. Atlassian Intelligence features become available at this level. These artificial intelligence tools assist with content generation and grammar correction. Premium workspaces receive unlimited automation command runs and advanced administrative controls. Administrators can deactivate members, manage workspace level templates, and organize projects using board collections. Customers on this tier receive priority support.

The Enterprise plan caters to large organizations and mandates a minimum of 50 users. The base cost is $17.50 per user per month billed annually. Atlassian does not offer a monthly billing option for Enterprise customers. The per user cost decreases through volume discounts as organizations add more seats. For a 50 user deployment, the price remains $17.50 per user. At 1,000 users, the price drops to $13.13 per user. At 2,500 users, the rate falls to $9.75 per user. Organizations deploying 5,000 seats pay $7.38 per user. This pricing model makes the Enterprise tier cheaper than the Premium tier for massive deployments.
This tier includes Atlassian Guard Standard at no extra cost. This inclusion provides Security Assertion Markup Language single sign on and System for Cross domain Identity Management user provisioning. Administrators gain organization wide permissions, public board management controls, and the ability to restrict file attachments. Enterprise customers can invite multi board guests and receive 24/7 Enterprise Admin support.
A hidden cost exists for mid sized companies requiring advanced security. Standard and Premium plans do not include single sign on capabilities by default. Organizations must purchase a separate Atlassian Guard subscription to enable these security features. This add on costs approximately $4 per user per month. A Premium user requiring single sign on costs $14 per month in total. This pricing structure frequently pushes security conscious companies toward the Enterprise tier.
Atlassian provides specific discounts for qualifying organizations. Verified nonprofit entities receive a 75 percent discount on Standard and Premium plans. A nonprofit team of 30 members pays $1,075 for the Standard plan and $2,125 for the Premium plan per year. The Enterprise plan discount for nonprofits is 50 percent. Academic institutions receive a 50 percent discount across all paid tiers. Hospitals and religious institutions do not qualify for these pricing reductions.
What caused the January 2024 security incident?
In January 2024, a threat actor operating under the pseudonym “emo” exposed the personal data of 15,115,516 Trello users. The attacker published this dataset on a dark web hacking forum. The leaked records contained full names, usernames, and email addresses. Atlassian confirmed the event occurred but stated that the attacker did not breach internal systems. Instead, the threat actor exploited an unsecured public REST API endpoint to scrape user data.
The root cause of the incident traced back to a specific API endpoint designed to help developers integrate Trello services. This endpoint allowed users to query public profile information using a Trello ID or username. The endpoint did not require authentication. Anyone could send a GET request and receive public account details. A severe vulnerability existed because the API also accepted an email address as a valid route parameter. The API documentation did not state that email addresses could function as identifiers.
The threat actor discovered this undocumented functionality. When querying the API with a random email address that did not match any Trello account, the system returned a 404 Not Found response code. When querying the API with an email address linked to an active Trello user, the system returned the public profile information associated with that account. This allowed the attacker to link private email addresses to public Trello profiles.
To execute the data extraction, the attacker compiled a list of 500 million email addresses gathered from previous, unrelated data breaches. The threat actor fed this massive list into the unsecured Trello API. By monitoring the response codes, the attacker identified which email addresses corresponded to active Trello accounts. The API returned the full name, username, and account metadata for every successful match. The attacker combined the email addresses with the scraped public profile data to create the final dataset of over 15 million records.
The mechanics of the data extraction relied entirely on the predictable behavior of the API. When the threat actor submitted an email address, the system processed the request and returned specific HTTP status codes. A 404 code meant the email did not exist in the Trello database. A successful code meant the email matched an active user. The attacker recorded every successful response and saved the accompanying JSON payload. This payload contained the user data. The attacker repeated this process 500 million times.
Trello had rate limiting protections in place to prevent mass automated requests. The attacker bypassed these defenses by routing the API queries through multiple proxy servers. Standard API rate limits restrict the number of requests a single IP address can make within a specific timeframe. By distributing the 500 million requests across a vast network of proxy servers, the attacker ensured that no single IP address exceeded the threshold. The server processed the distributed requests as normal traffic.
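The rate-limit bypass described above, seen from the defender's side, as an added example that is not Trello's or Atlassian's code: a per-IP limiter passes traffic that an endpoint-wide check on unauthenticated, email-shaped lookups and their 404 ratio flags at once. The route prefix, thresholds and log records are assumptions constructed for the illustration.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

PROFILE_PREFIX = "/api/profiles/"   # hypothetical route, not Trello's real path
EMAIL_RE = re.compile(r"^[^@/\s]+@[^@/\s]+\.[^@/\s]+$")


@dataclass(frozen=True)
class Request:
    ts: int              # epoch seconds
    ip: str
    path: str
    status: int
    authenticated: bool


def per_ip_offenders(requests, limit=10, window=60):
    """Classic per-IP rate limit: IPs with more than `limit` requests per window."""
    counts = Counter((r.ip, r.ts // window) for r in requests)
    return {ip for (ip, _), n in counts.items() if n > limit}


def enumeration_windows(requests, window=60, min_lookups=100,
                        min_miss_ratio=0.8, min_sources=20):
    """Endpoint-wide view: pool unauthenticated email-shaped lookups from all
    sources and alert on volume, spread of sources and share of 404 answers."""
    buckets = defaultdict(list)
    for r in requests:
        if r.authenticated or not r.path.startswith(PROFILE_PREFIX):
            continue
        ident = r.path[len(PROFILE_PREFIX):]
        if EMAIL_RE.match(ident):
            buckets[r.ts // window].append((r, ident.lower()))
    alerts = []
    for bucket, hits in sorted(buckets.items()):
        lookups = len(hits)
        misses = sum(1 for r, _ in hits if r.status == 404)
        sources = {r.ip for r, _ in hits}
        miss_ratio = misses / lookups
        if (lookups >= min_lookups and miss_ratio >= min_miss_ratio
                and len(sources) >= min_sources):
            alerts.append({
                "window_start": bucket * window,
                "lookups": lookups,
                "distinct_identifiers": len({i for _, i in hits}),
                "distinct_sources": len(sources),
                "miss_ratio": round(miss_ratio, 2),
            })
    return alerts


def constructed_traffic():
    """Constructed sample: 100 source IPs sending 3 email lookups each inside
    one minute, plus one signed-in client doing ordinary username lookups."""
    reqs = []
    n = 0
    for host in range(1, 101):
        ip = f"198.51.100.{host}"                  # documentation address range
        for _ in range(3):
            status = 200 if n % 25 == 0 else 404   # 4% of guesses match an account
            reqs.append(Request(1200 + n % 60, ip,
                                f"{PROFILE_PREFIX}user{n}@example.com",
                                status, False))
            n += 1
    for k in range(8):
        reqs.append(Request(1200 + k, "203.0.113.7",
                            f"{PROFILE_PREFIX}teammate{k}", 200, True))
    return reqs


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("per-IP limiter flagged:", per_ip_offenders(traffic))
    print("endpoint-wide alerts:", enumeration_windows(traffic))
```

The thresholds are placeholders to tune against a baseline of legitimate traffic for the endpoint being monitored.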
| Incident Component | Technical Detail |
|---|---|
| Affected Endpoint | Public REST API for profile querying |
| Authentication Requirement | None prior to the incident discovery |
| Exploited Parameter | Email address used as an undocumented identifier |
| Input Data | 500 million email addresses from previous external breaches |
| Evasion Technique | Proxy server network to bypass IP rate limits |
| Exposed Records | 15,115,516 unique user profiles |
| Remediation | Mandatory authentication implemented for email queries |
The Open Worldwide Application Security Project classifies this type of vulnerability as Broken Object Level Authorization. The absence of proper authentication controls allowed an external user to extract massive amounts of data. The incident showed the danger of excessive data exposure through public APIs. Even with the extracted profile data being public, linking it to private email addresses created a serious privacy problem. Security researchers warned that the compiled dataset provided attackers with highly targeted information for phishing campaigns and doxxing attacks.
Following the discovery of the scraping operation, Atlassian modified the API endpoint. The company implemented mandatory authentication for any request attempting to query public profile information using an email address. Unauthenticated users and external services can no longer request another user profile by email. The Have I Been Pwned service added the 15 million exposed records to its database, allowing users to verify if their information was included in the scraped dataset.
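Why the per-IP limit missed this traffic, and what an endpoint-wide check sees instead, as an added example (not Trello's or Atlassian's code). The route name, thresholds and log records are constructed assumptions; the roughly 3% hit rate mirrors the 15,115,516 matches out of 500 million queries reported above.

```python
from collections import defaultdict
from dataclasses import dataclass

ROUTE = "/profile-lookup"   # hypothetical route name, not Trello's real path
PER_IP_LIMIT = 60           # assumed per-IP requests allowed per minute
MIN_DISTINCT_KEYS = 500     # assumed endpoint-wide alert thresholds
MIN_MISS_RATIO = 0.5


@dataclass(frozen=True)
class Request:
    minute: int       # one-minute time bucket
    src_ip: str
    route: str
    lookup_key: str   # identifier submitted by the caller
    status: int       # 200 = account exists, 404 = no such account


def build_constructed_traffic():
    """Constructed log: normal invitations plus a proxy-distributed sweep."""
    reqs = []
    # Normal use in minutes 0 and 1: 40 members each look up 3 colleagues.
    for minute in (0, 1):
        for user in range(40):
            for k in (1, 2, 3):
                key = f"colleague{(user + k) % 60}@corp.example"
                reqs.append(Request(minute, f"2001:db8:1::{user:x}", ROUTE, key, 200))
    # Enumeration in minute 1: 1,500 distinct addresses spread over 300
    # proxies (5 requests each), about 3% of them matching an account.
    for i in range(1500):
        status = 200 if i % 33 == 0 else 404
        reqs.append(Request(1, f"2001:db8:2::{i % 300:x}", ROUTE,
                            f"leaked{i}@old-breach.example", status))
    return reqs


def per_ip_violations(requests, limit=PER_IP_LIMIT):
    """The classic control: (minute, ip) pairs that exceed the per-IP limit."""
    counts = defaultdict(int)
    for r in requests:
        counts[(r.minute, r.src_ip)] += 1
    return {key for key, n in counts.items() if n > limit}


def endpoint_windows(requests):
    """Aggregate per (route, minute) across all source addresses."""
    acc = defaultdict(lambda: {"requests": 0, "misses": 0, "keys": set(), "ips": set()})
    for r in requests:
        w = acc[(r.route, r.minute)]
        w["requests"] += 1
        if r.status == 404:
            w["misses"] += 1
        w["keys"].add(r.lookup_key)
        w["ips"].add(r.src_ip)
    return {
        key: {
            "requests": w["requests"],
            "distinct_keys": len(w["keys"]),
            "distinct_ips": len(w["ips"]),
            "miss_ratio": w["misses"] / w["requests"],
        }
        for key, w in acc.items()
    }


def flag_enumeration(requests):
    """Windows where many never-repeated identifiers mostly miss."""
    return sorted(
        key for key, w in endpoint_windows(requests).items()
        if w["distinct_keys"] >= MIN_DISTINCT_KEYS and w["miss_ratio"] >= MIN_MISS_RATIO
    )


if __name__ == "__main__":
    traffic = build_constructed_traffic()
    print("per-IP violations:", per_ip_violations(traffic))
    print("flagged windows:", flag_enumeration(traffic))
```

The signal is the lookup behaviour itself (many distinct identifiers, mostly misses), which stays visible however many source addresses the requests are spread across.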
How many users were compromised in the data breach?
The size of the January 2024 Trello data exposure provides a clear metric of the security flaws inherent in open application programming interfaces. A threat actor operating under the alias emo exploited a publicly accessible REST API endpoint to scrape the personal data of 15,115,516 Trello users. The compromised information included private email addresses, full names, and account usernames. To execute this massive data harvesting operation, the attacker used a preexisting compilation of 500 million email addresses gathered from previous, unrelated data breaches.
The technical execution of the scrape relied on a specific functional oversight within the Trello architecture. The API endpoint in question was designed to help developers integrate Trello services into external applications. It allowed users to query public profile information using a Trello ID or a username. The serious flaw was that the endpoint also accepted email addresses as a search parameter without requiring any form of authentication. The attacker systematically fed the 500 million email addresses into this unsecured endpoint. Whenever the API matched an email address to an active Trello account, it returned the associated public profile data. This method allowed the threat actor to definitively link private, unlisted email addresses to public user identities.
Atlassian had implemented rate limiting on the API to prevent automated abuse. The attacker bypassed these security controls by routing the requests through a vast network of rotating proxy servers. This technique masked the origin of the queries and allowed the scraping process to continue uninterrupted. The operation yielded a database containing over 15 million verified records. On January 17, 2024, the hacker posted the complete dataset for sale on a prominent cybercrime forum. The entire database was priced at eight site credits, which carried a monetary value of just $2.32.
| Metric | Data Point |
|---|---|
| Total Users Compromised | 15,115,516 |
| Email Addresses Tested | 500,000,000 |
| Date of Forum Listing | January 17, 2024 |
| Date Added to HIBP | January 22, 2024 |
| Cost of Stolen Database | $2.32 |
The corporate response from Atlassian emphasized that the incident did not constitute a traditional breach of internal servers. The parent company stated that no unauthorized access to private databases occurred. Atlassian maintained that the threat actor only aggregated information that was already publicly available on user profiles. Cybersecurity analysts countered this narrative by highlighting the severity of the API flaw. The primary security failure was the system allowing an unauthenticated external party to connect private email addresses with public names and account details. This specific combination of data equips cybercriminals with the exact context needed to launch highly targeted spear phishing campaigns against Trello users.
In the aftermath of the exposure, Atlassian deployed immediate changes to the Trello infrastructure. The engineering team modified the open API endpoint to require strict authentication. Any user or third party service attempting to query public profile information using an email address must now be logged into a verified Trello account. This adjustment stops anonymous scraping while preserving the ability of legitimate users to invite colleagues to collaborative boards. On January 22, 2024, the compromised dataset was integrated into the Have I Been Pwned tracking service. This integration allowed the 15 million affected individuals to confirm their exposure status and take necessary precautions, such as updating passwords and enabling two factor authentication.
The exposure of 15 million verified email addresses tied directly to full names and project management accounts creates a highly lucrative target for social engineering. Cybercriminals use this specific combination of data to craft convincing fraudulent emails. An attacker can impersonate Atlassian or Trello support staff, addressing the user by their full name and referencing their active account status. These phishing attempts aim to steal passwords, financial details, or proprietary corporate data stored within Trello workspaces. The incident demonstrates the serious consequences of failing to secure public facing APIs against automated enumeration attacks.
The January 2024 event also highlights a growing trend of threat actors weaponizing massive datasets from older breaches. By recycling the 500 million email addresses from previous leaks, the attacker transformed stale data into a fresh, highly accurate directory of active Trello users. This methodology shows that even basic public profile features require rigorous access controls. The modification of the API by Atlassian closed the immediate security gap, yet the 15 million exposed records remain permanently circulating within cybercrime communities.
What technical vulnerabilities allowed the 2024 API abuse and how did Atlassian respond?
The January 2024 data exposure relied on a specific design flaw within a Trello REST application programming interface. Developers originally built this endpoint to allow users to invite guests to public boards using an email address. The endpoint had no authentication requirements. Anyone could query the system without logging into a Trello account or providing an authentication key. The hacker known as emo discovered that submitting an email address to this open endpoint would return the associated public profile data, including the user identification number, username, and full name.
The exposed REST API endpoint was specifically designed for the board invitation feature. Trello administrators frequently use this function to add external collaborators to their workspaces. By entering an email address, the administrator can send a direct invitation. The underlying code processed these requests by checking the submitted email against the user database. If the email belonged to an active user, the API returned a structured response containing the public profile details. The developers failed to restrict this query function to authenticated sessions. This oversight meant that any automated script could send millions of requests per hour without triggering security blocks or requiring a valid session token.
To exploit this vulnerability, the attacker compiled a list of 500 million email addresses sourced from previous third party data breaches. The threat actor fed this massive list into the unauthenticated Trello endpoint. When the system found a match, it linked the private email address to the public Trello profile. This automated scraping operation generated a database containing 15,115,516 unique user records. The compilation of private email addresses with public names created a serious security problem, as it provided threat actors with verified victims for doxxing and spear phishing campaigns.
The threat actor capitalized on this architectural oversight by using a technique known as enumeration. The attacker wrote a custom script to automate the API requests. The script pulled email addresses one by one from the 500 million record master list and sent them to the Trello server. The server dutifully processed each request. For every match, the script recorded the returned data fields. The final database included the private email address, the full name of the user, the account username, and the unique account identification string. The inclusion of the full name and username allowed cybercriminals to connect anonymous email addresses to real world identities.
Security researcher Troy Hunt analyzed a sample of 500 email addresses from the scraped database to identify their origins. The analysis confirmed that the attacker built their initial query list using data from several older breaches. The table below details the top sources identified in that sample.
| Source Breach | Occurrences in 500 Sample List | Percentage of Sample |
|---|---|---|
| Wattpad | 183 | 36.6% |
| Canva | 174 | 34.8% |
| Dropbox | 132 | 26.4% |
| | 129 | 25.8% |
| Collection1 | 123 | 24.6% |
| Gravatar | 120 | 24.0% |
Atlassian initially minimized its responsibility for the event. A company spokesperson stated that the investigation found no evidence of unauthorized access to internal systems. The corporate response emphasized that the threat actor only obtained profile information that users had already made public. Security experts criticized this stance. They pointed out that the unauthenticated endpoint actively facilitated the mass linkage of private emails to public identities.
Yet, Atlassian did implement technical changes to stop further abuse. The engineering team modified the REST endpoint configuration in late January 2024. The updated system now requires users and services to authenticate before they can request another user profile via email. Authenticated accounts can still use the feature to invite guests to public boards. This modification closed the specific flaw that allowed the scraping operation.
The timeline of the incident shows a delayed public disclosure. The scraping activity occurred in January 2024. The hacker immediately advertised the database for sale on a dark web marketplace. Atlassian learned of the abuse shortly after the initial advertisement. The company deployed the patch to secure the API endpoint within days of the discovery. The public remained largely unaware of the full scope of the exposure until July 2024. The hacker decided to publish the entire dataset for free on the BreachForums site on July 16. This public release prompted a new wave of media coverage and forced millions of users to evaluate their security posture. Cybersecurity professionals advised affected individuals to monitor their accounts for targeted phishing attempts and to enable multifactor authentication across all connected services.
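The open lookup beside an authenticated one, as an added example (not Atlassian's implementation). All names, tokens and records are constructed; the per-account lookup budget is an assumption that goes beyond the authentication requirement the page describes, included because a limit keyed on the account does not depend on the caller's IP address.

```python
from collections import Counter, defaultdict

# Constructed directory and sessions; every name here is hypothetical.
USERS = {
    "alice@corp.example": {"id": "u-1001", "username": "alice", "fullName": "Alice Example"},
    "bob@corp.example": {"id": "u-1002", "username": "bob", "fullName": "Bob Example"},
}
SESSIONS = {"session-alice": "u-1001"}

# Constructed candidate list: two registered addresses among three unknown ones.
CANDIDATES = [
    "alice@corp.example",
    "leaked1@old-breach.example",
    "bob@corp.example",
    "leaked2@old-breach.example",
    "leaked3@old-breach.example",
]


def lookup_open(email):
    """Pre-fix behaviour as the page describes it: no caller identity is
    checked, and the status code alone says whether the address is registered."""
    profile = USERS.get(email.strip().lower())
    return (200, dict(profile)) if profile else (404, {})


class AuthenticatedLookup:
    """Lookup that refuses anonymous callers before touching the directory."""

    def __init__(self, lookups_per_window=3):
        self.lookups_per_window = lookups_per_window
        self._used = defaultdict(int)   # (account id, window) -> lookups spent

    def lookup(self, session_token, email, window):
        account = SESSIONS.get(session_token)
        if account is None:
            # Same answer for every address, so nothing can be inferred.
            return 401, {}
        if self._used[(account, window)] >= self.lookups_per_window:
            # Budget follows the account, not the source address.
            return 429, {}
        self._used[(account, window)] += 1
        profile = USERS.get(email.strip().lower())
        return (200, dict(profile)) if profile else (404, {})


def status_histogram(handler, emails):
    """Count the status codes a handler returns for a list of addresses."""
    return Counter(handler(e)[0] for e in emails)


if __name__ == "__main__":
    print("open:", status_histogram(lookup_open, CANDIDATES))
    svc = AuthenticatedLookup()
    print("anonymous:", status_histogram(lambda e: svc.lookup(None, e, 0), CANDIDATES))
    print("signed in:", [svc.lookup("session-alice", e, 0)[0] for e in CANDIDATES])
```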
What specific Kanban features remain in the free tier today?
Atlassian fundamentally restructured the Trello free tier between 2021 and 2026. The platform still provides core Kanban functionality at zero cost, but strict usage ceilings now force growing teams toward paid subscriptions. The most significant restriction arrived on April 8, 2024. On this date, Atlassian capped all free Trello Workspaces at a maximum of 10 collaborators. This headcount includes active Workspace members, outside guests, and pending email invitations. Workspaces that exceeded this 10-person limit faced immediate restrictions on adding new members. By May 20, 2024, Atlassian enforced the second phase of this policy. Any free Workspace remaining above the 10-collaborator threshold automatically shifted into a view-only mode. Users could still read their boards, but the system disabled all card modifications, additions, and deletions until the administrator either upgraded to a paid plan or removed excess users.
Beyond the collaborator cap, the free tier imposes strict limits on project volume and file management. Free users can create a maximum of 10 open boards per Workspace. If a team requires an eleventh board, administrators must permanently close or archive an existing board to free up a slot. While the platform permits an unlimited number of task cards within those 10 boards, data storage operates under a rigid constraint. Trello provides unlimited total storage capacity, yet individual file attachments cannot exceed 10 megabytes. Teams handling large design files, software binaries, or high-resolution videos must rely on external cloud storage links rather than native uploads. This forces users to host their heavy assets on Google Drive or Dropbox and paste the corresponding URLs into the card descriptions.
Automation capabilities also face strict limits on the free plan. Trello includes its native automation engine, known as Butler, across all tiers. Free Workspaces receive an allowance of 250 automation command runs per month. A command run triggers whenever a predefined rule executes. For example, a rule that automatically moves a card to a completed list and checks off all remaining items counts as a run. A small team of five people executing just two automated actions per workday consumes this entire monthly allowance in 25 days. Once a Workspace exhausts its 250 monthly runs, all automated workflows halt until the next billing cycle resets the counter. For comparison, the Standard paid tier increases this limit to 1,000 runs per month, providing four times the automation capacity.
The free tier restricts users to the traditional Kanban board interface. Advanced visualization tools, including the Timeline, Calendar, Dashboard, and Map views, remain locked behind the Premium and Enterprise subscriptions. Task management within the free version also lacks structural depth. Users can create basic checklists inside cards, but they cannot use advanced checklists. Advanced checklists allow managers to assign specific team members and individual due dates to single checklist items. Also, the free tier excludes custom fields. Teams cannot add structured data like dropdown menus, numerical estimates, or specific text boxes to their cards without upgrading to the Standard plan. This prevents free users from building complex databases or detailed customer relationship management pipelines directly inside the application.
Even with these restrictions, Atlassian maintains several high-value features for non-paying users. In 2021, Trello removed its previous limit of one Power-Up per board. Today, free users can install an unlimited number of Power-Ups. This change allows teams to connect their boards directly to external applications like Slack, Microsoft Teams, and Jira without paying subscription fees. The free tier also includes an unlimited activity log, custom backgrounds, assigning capabilities, basic due dates, and two-factor authentication for account security. Mobile access remains fully supported, with free users retaining complete functionality on both iOS and Android applications.
| Feature Category | Free Tier Limitation |
|---|---|
| Workspace Collaborators | Maximum of 10 users (enforced May 2024) |
| Board Count | Maximum of 10 boards per Workspace |
| Card Creation | Unlimited |
| File Attachments | 10 MB maximum per file |
| Butler Automation | 250 command runs per month |
| Power-Ups (Integrations) | Unlimited per board |
| Project Views | Kanban view only |
| Checklists | Basic only (no individual assignees or due dates) |
| Custom Fields | Not available |
These parameters define Trello as a capable entry-level tool for individuals and micro-teams. The 10-user and 10-board limits act as the primary catalysts for monetization. Once a business grows beyond a single small department, the free tier ceases to function as a viable central management system. The absence of custom fields and advanced checklists further prevents free users from executing complex project tracking, pushing them toward the $5 per user monthly Standard plan.
What is the current state of Trello Power Ups?
Power Ups represent third party integrations within the Trello ecosystem. The free plan previously restricted the total active Power Ups per board. Trello eventually reversed this limitation. Free users currently have access to unlimited Power Ups per board. This includes integrations with Slack, Google Drive, and Salesforce.
Atlassian enforced strict caps on these integrations during the early years of the platform. Prior to August 23, 2016, free users had zero access to Power Ups. On that date, Atlassian opened the directory to free accounts but capped usage at one active integration per board. Users on the discontinued Gold plan received a maximum of three active integrations. In May 2021, Trello introduced a Bonus category containing over 30 specific tools that bypassed the quota. On August 24, 2021, Atlassian removed the platform side caps entirely. Free users gained the ability to install unlimited integrations per board.
| Date | Plan Tier | Active Power Up Limit |
|---|---|---|
| Pre August 2016 | Free | 0 |
| August 23, 2016 | Free | 1 |
| Pre August 2021 | Gold | 3 |
| August 24, 2021 | Free | Unlimited |
The removal of the platform cap shifted monetization from Atlassian to third party developers. Users now face a fragmented billing environment. Developers enforce independent subscription models for their specific tools. Screenful implemented a $14.90 monthly subscription for its tool bundle on January 1, 2026. This bundle includes Card Size, Card Priority, Card Dependencies, and Epic Cards. The fee applies at the workspace level and covers all members on the board. Prior to 2026, certain tools operated independently with different pricing structures. Other developers use freemium models. They offer basic functions at no cost while locking advanced metrics behind paywalls. The Trello directory currently hosts over 200 integrations. Users must manage separate billing agreements for each premium tool they install.
Specific integrations dominate the directory based on user demand. TimeCamp provides automatic time tracking directly within the interface. Blue Cat Reports offers custom analytics and CSV imports. The Slack integration allows teams to link specific boards to specific communication channels. The Google Drive integration allows users to attach folders directly to cards and generates enhanced thumbnail views for design assets. The Card Repeater tool automates the creation of new cards for recurring tasks on a daily, weekly, or monthly schedule. These tools expand the core functionality of the Kanban system. They add time logs, external file links, and task dependencies to the standard card layout.
The technical architecture of these integrations relies on hidden iframes. The tools communicate with the main application using the window.postMessage method. Trello provides a key value storage system called pluginData. Developers scope this data to specific boards, cards, members, or organizations. The t.set and t.get commands allow developers to read and write data directly to the interface. Data stored via the t.set command remains accessible only through GET requests on the specific objects. The REST API does not support PUT, POST, or DELETE methods for managing this plugin data. Developers must build custom endpoints to manipulate the data outside the standard Trello interface. This creates a secondary data silo for every installed integration. This architecture means the integrations run alongside the core application rather than inside the Atlassian backend.
This structure introduces serious data privacy variables. Third party developers host their own infrastructure on external platforms like Heroku or Netlify. Trello requires third party cookies for these integrations to function correctly. External servers process and store user data independently of Atlassian security rules. Trello explicitly warns users that third party applications retain personal data even after a user deletes their main account. Administrators cannot restrict integration usage geographically. Data access depends entirely on the third party developer compliance with privacy laws and internal security rules. Users must manually audit the privacy policy of each installed tool to verify data handling practices. For example, the Processes for Trello integration logs IP addresses, browser types, and operating systems. The developer retains this server log data for 30 days. Non personal information like task dependencies remains on their servers until the entire board is deleted. If a user revokes an authentication token, standard guidelines dictate that developers delete the associated personal data within 14 days. Compliance remains the responsibility of the external developer.
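One way to inventory what each installed integration keeps in pluginData, as an added example (not Trello's or any Power Up developer's code). The records are constructed, and the field names `idPlugin`, `scope`, `access` and `value` are an assumed shape for entries read back with GET requests; adjust them to the data actually retrieved.

```python
import json
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed records; plugin ids, addresses and URLs are placeholders.
CONSTRUCTED_PLUGIN_DATA = [
    {"idPlugin": "pu-timetracker", "scope": "card", "access": "shared",
     "value": json.dumps({"minutes": 95, "loggedBy": "alice@corp.example"})},
    {"idPlugin": "pu-timetracker", "scope": "board", "access": "shared",
     "value": json.dumps({"exportTo": "https://tracker.example/hook"})},
    {"idPlugin": "pu-reports", "scope": "member", "access": "private",
     "value": json.dumps({"theme": "dark"})},
    # Edge case: a value that is not JSON still has to be inspected.
    {"idPlugin": "pu-reports", "scope": "organization", "access": "shared",
     "value": "recipients=bob@corp.example;carol@corp.example"},
]


def inventory(records):
    """Summarise stored pluginData per integration."""
    report = defaultdict(lambda: {
        "entries": 0, "bytes": 0, "scopes": set(), "shared_entries": 0,
        "emails": set(), "external_urls": set(), "non_json": 0,
    })
    for rec in records:
        row = report[rec["idPlugin"]]
        raw = rec.get("value") or ""
        row["entries"] += 1
        row["bytes"] += len(raw.encode("utf-8"))
        row["scopes"].add(rec["scope"])
        if rec.get("access") == "shared":
            row["shared_entries"] += 1
        try:
            json.loads(raw)
        except ValueError:
            row["non_json"] += 1
        # Scan the raw string so nested and non-JSON values are both covered.
        row["emails"].update(EMAIL_RE.findall(raw))
        row["external_urls"].update(URL_RE.findall(raw))
    return dict(report)


def review_queue(report):
    """Integrations whose stored values hold addresses or off-platform URLs."""
    return sorted(p for p, row in report.items()
                  if row["emails"] or row["external_urls"])


if __name__ == "__main__":
    summary = inventory(CONSTRUCTED_PLUGIN_DATA)
    for plugin in review_queue(summary):
        row = summary[plugin]
        print(plugin, sorted(row["scopes"]), sorted(row["emails"]),
              sorted(row["external_urls"]))
```

This covers only the data held in Trello's own pluginData store; what a developer keeps on external servers still has to be checked against that developer's privacy policy.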
What specific features are locked behind the Standard plan?
Atlassian structures the Trello Standard plan as the initial financial tollgate for expanding organizations. The tier costs 5 dollars per user per month when billed annually. Monthly billing increases the price to 6 dollars per user. This payment tier directly targets organizations hitting the strict operational walls of the free version. The upgrade route focuses entirely on volume increases and specific task management additions rather than interface changes.
The most immediate restriction lifted by the Standard plan involves board volume and user count. In April 2024 Atlassian enforced a hard cap of 10 collaborators and 10 boards for free workspaces. The Standard tier removes both ceilings. Paying users can generate unlimited boards and invite unlimited collaborators to their workspace. The plan also introduces single board guest access. Administrators can invite outside clients or contractors to view a single specific board without paying for an additional full user seat. This specific feature allows agencies to share project progress with external parties without inflating their monthly software bill.
| Feature Category | Free Plan Limit | Standard Plan Limit |
|---|---|---|
| Workspace Boards | 10 maximum | Unlimited |
| Collaborators | 10 maximum | Unlimited |
| File Attachments | 10 megabytes per file | 250 megabytes per file |
| Automation Runs | 250 per month | 1000 per month |
| Custom Fields | Locked | Unlocked |
Data storage mechanics see direct upgrades under the paid model. Free users face a strict 10 megabyte limit per file attachment. The Standard plan multiplies this capacity to 250 megabytes per file. Total storage remains unmetered across both tiers. The per file restriction forces media intensive teams to upgrade if they upload high resolution images or large document files directly to task cards.
Task customization expands through two specific additions. Atlassian unlocks Advanced Checklists as the primary upgrade. Free users can create basic text checklists inside task cards. Standard users gain the ability to assign specific team members and exact due dates to individual checklist items. Custom Fields become fully available as the second major addition. Atlassian integrated Custom Fields as a native feature in 2021. Free users who activated the Custom Fields Power Up before the 2021 transition retained access. New free workspaces created after that date must upgrade to Standard to build custom data fields. These fields allow teams to add specific dropdown menus, text boxes, and numerical inputs to standard task cards.
Automation limits represent another major differentiator between the tiers. Trello uses a built in automation engine. The free tier restricts workspaces to 250 command runs per month. The Standard plan quadruples this allowance to 1000 command runs per month. Teams relying on automated card sorting, date triggers, or repetitive task generation hit the 250 run limit rapidly. The Standard plan provides enough automation capacity for basic rule processing but stops short of the unlimited runs provided in the Premium tier.
The Standard plan strictly maintains the basic Kanban board interface. Atlassian reserves advanced visualization tools like Calendar, Timeline, Dashboard, and Map views for the 10 dollar Premium tier. Standard users pay solely for increased volume and basic task customization. The tier does not include Atlassian Intelligence AI features or advanced administrative security controls. The Standard plan functions entirely as a capacity expansion for teams that outgrow the 2024 free tier restrictions but do not require complex project visualization.
The Standard plan also restores functionality previously available to individual users under the retired Trello Gold subscription. Atlassian discontinued Trello Gold in 2021. The company priced Gold at 5 dollars per month for individual users. The Standard plan adopted this exact price point but shifted the billing model to a per user structure. This change forced teams to pay for every member in the workspace rather than allowing a single user to upgrade their personal account. The Standard tier includes saved searches. This feature permits users to save specific filter criteria to locate cards across multiple boards instantly.
How did the introduction of Atlassian Intelligence alter Trello operations?
Atlassian integrated generative artificial intelligence into Trello to automate content creation and summarize board data. The company announced Atlassian Intelligence at the Team 23 event in April 2023. By October 2023, administrators gained the ability to enable beta artificial intelligence features for Trello Standard and Premium users. On April 26, 2024, Atlassian made the artificial intelligence tools generally available for Trello Premium and Enterprise customers.
The artificial intelligence integration functions as a virtual team member within the Trello editor. Users activate the tool by clicking the Atlassian Intelligence button or typing a specific command during card editing. The system relies on proprietary artificial intelligence models combined with OpenAI technology. The tool reads card descriptions and comments to execute four primary functions. These functions include summarizing long text, brainstorming new ideas, finding action items, and answering open queries. Users paste raw text into a card description, and the system identifies specific action items. Users then copy the generated list into a Trello checklist, which creates individual trackable items for each line.
The artificial intelligence also assists users in refining their communication within the platform. When a user drafts a comment on a Trello card, they prompt the system to adjust the tone of the message. The tool rewrites a casual note into a professional update suitable for client viewing. It also provides real time spelling and grammar corrections. This functionality proves highly useful for support teams and project managers who use Trello cards as a primary communication channel with external officials. By automating the editing process, the system reduces the time spent drafting and reviewing project updates.
In October 2024, Atlassian expanded these capabilities by updating the Email to Board feature. This update allows the artificial intelligence to summarize incoming emails automatically. The system reads the inbound email text and generates a concise summary within the newly created Trello card. This automation saves users from reading lengthy email threads manually.
Data privacy remains a primary concern for enterprise customers using generative artificial intelligence. Atlassian implemented strict data protection policies for its OpenAI integration. The company confirmed that Atlassian Intelligence and OpenAI do not retain user inputs or outputs. The system processes the data solely to generate the requested response. OpenAI does not use Trello customer data to train its large language models. The artificial intelligence also respects all existing access control lists. If a user does not have permission to view a specific board or card, the artificial intelligence cannot read or summarize that restricted content.
Atlassian implemented strict access controls for the deployment. Free and Standard tier customers who participated in the beta program retained access only until June 30, 2024. After that date, Atlassian restricted the native capabilities exclusively to Premium and Enterprise accounts. Enterprise administrators control the feature at the organizational level. They access the Enterprise Dashboard, locate the Atlassian Intelligence section, and toggle the activation button. Once enabled, all users within the Enterprise Workspaces access the tools. Atlassian automatically activated the features for Premium and Enterprise cloud products starting May 6, 2024, yet administrators retained the option to opt out.
Third party developers also introduced artificial intelligence to Trello through Power Ups. In June 2023, the Notes and Docs Power Up released a ChatGPT powered assistant. This integration allowed users to draft documents and take notes directly within Trello cards. By March 2024, the Power Up added an inline assistant alongside a drag and drop block editor. This third party method provided artificial intelligence access to users on the Free and Standard plans who could not access the native Atlassian tools.
Atlassian expanded the footprint further with the announcement of a redesigned Trello interface scheduled for general availability on May 21, 2025. The 2025 update introduced the Trello Inbox, a feature designed to capture notes, emails, and Slack messages. Atlassian Intelligence automatically summarizes the inbound content held in the Inbox before users assign the items to specific boards.
| Date | Event | Affected Plans |
|---|---|---|
| April 2023 | Atlassian Intelligence announced at Team 23 | All Atlassian Cloud |
| June 2023 | Notes and Docs Power Up adds ChatGPT assistant | All Trello Plans |
| October 2023 | Atlassian Intelligence enters beta in Trello | Standard, Premium |
| April 26, 2024 | General availability of native artificial intelligence features | Premium, Enterprise |
| June 30, 2024 | Beta access ends for lower tiers | Free, Standard |
| October 2024 | Email to Board artificial intelligence summarization released | Premium, Enterprise |
| May 21, 2025 | New Trello launch with summarized Inbox | All Trello Plans |
The financial impact of the rollout forced smaller teams to evaluate their subscription levels. A free tier user requiring automated text generation must upgrade to the Premium plan, which costs 10 dollars per user per month when billed annually. The introduction of these features shifted Trello from a manual data entry platform to an automated text processing environment.
What enterprise level controls exist in 2026?
Atlassian structures the Trello Enterprise plan for large deployments requiring centralized administration. The pricing model mandates a minimum of 50 users. At this baseline, the cost is 17.50 dollars per user per month when billed annually. This creates a minimum annual commitment of 10,500 dollars. As organizations add more seats, the per user cost decreases based on volume discounts. The Enterprise tier removes the 10 user and 10 board limits found in the free tier. It provides unlimited workspaces and unlimited boards.
Security and access management form the core of the Enterprise offering. Atlassian integrates Trello Enterprise with Atlassian Guard. This integration provides free Security Assertion Markup Language Single Sign On. It also includes System for Cross domain Identity Management user provisioning. Administrators use Atlassian Guard to enforce two step verification across the entire organization. If a user password leaks, the mandatory secondary verification prevents unauthorized access. The system syncs directly with external identity providers like Okta, OneLogin, and Microsoft Azure. When an IT department removes an employee from the central identity provider, Atlassian Guard instantly revokes their Trello access.
The Enterprise Admin Dashboard gives IT departments absolute control over data visibility. Administrators can set organization wide permissions. They can restrict who creates public boards. They can also manage multi board guests. This prevents external contractors from viewing internal company data outside their specific assignments. The dashboard includes attachment restrictions. Administrators can dictate which file sharing services integrate with Trello. They can block users from uploading files directly from unauthorized local drives or unapproved cloud storage platforms.
Mobile device management represents another level of enterprise control. Through Atlassian Guard, administrators can apply strict mobile policies to the Trello application on iOS and Android devices. They can block cut, copy, paste, and screenshot functions within the app. They can enforce device passcode requirements. They can also mandate minimum operating system versions before allowing the Trello application to sync data. This prevents data exfiltration on compromised or outdated mobile hardware.
Trello Enterprise operates under strict compliance frameworks. The platform maintains SOC 2, SOC 3, and ISO/IEC 27001 certifications. It complies with the General Data Protection Regulation. All data remains encrypted at rest and in transit using Advanced Encryption Standard 256 and Transport Layer Security 1.2 or higher. The Enterprise tier includes a 99.99 percent uptime guarantee. It also provides 24/7 priority support with a one business day response time target.
The following table outlines the exact permissions available exclusively to Enterprise administrators in 2026.
| Enterprise Control Feature | Functionality Description |
|---|---|
| Organization Wide Permissions | Allows administrators to set default access levels for all new boards and workspaces. |
| Public Board Management | Grants IT the power to audit, restrict, or disable the creation of public facing boards. |
| Attachment Restrictions | Limits file uploads to approved sources like Google Drive or corporate OneDrive accounts. |
| Power Up Administration | Enables administrators to whitelist or blacklist specific third party application integrations. |
| Multi Board Guest Control | Restricts external contractors from navigating outside their explicitly assigned boards. |
| Mobile Device Management | Blocks screenshots and enforces device passcodes on mobile hardware accessing Trello. |
The Enterprise plan consolidates billing and user management. Companies do not pay separate licensing fees for Atlassian Guard Standard when they purchase Trello Enterprise. The 17.50 dollar per user fee covers both the project management software and the security overlay. This structure forces large organizations to migrate away from the free or standard tiers if they require compliance auditing, mandatory single sign on, or centralized user lifecycle management. Organizations that attempt to use the free tier for enterprise operations face hard limits on collaborators, which makes unauthorized shadow IT deployments impossible to sustain for teams larger than 10 people.
Enterprise administrators hold authority over Workspace administrators. In lower pricing tiers, individual Workspace administrators control their own billing and user invites. Under the Enterprise model, the central administration team can claim non Enterprise workspaces created by employees using company email addresses. This account claim process brings rogue workspaces under corporate governance. Once claimed, the Enterprise administrators can view all free managed accounts in their dashboard. They can then apply the most secure Enterprise data restrictions to these previously unmanaged boards.
The system also provides detailed audit logs for security monitoring. Administrators can track user login events, permission changes, and board deletions. These logs help security teams investigate unauthorized access attempts or data breaches. The combination of audit logs, single sign on, and centralized workspace claiming ensures that corporate data remains under IT supervision, even if individual employees attempt to bypass standard procurement channels.
What are the specific differences in integrations between tiers?
Atlassian fundamentally altered the integration structure for Trello users in August 2021 by removing the strict single integration limit previously imposed on free workspaces. Today, Trello offers unlimited Power-Ups across all pricing tiers, including the Free plan. This represents a major shift from the platform’s earlier monetization strategy. Trello previously used integrations as a primary driver for paid upgrades.
When Trello introduced Power-Ups in August 2013, the platform offered exactly three options: Calendar, Card Aging, and Voting. By 2024, the Trello Power-Up directory expanded to over 330 integrations. These include connections to Slack, Google Drive, Jira, and hundreds of external tools. Atlassian permits unlimited Power-Up installations on the Free, Standard, and Premium tiers. Yet, external developers frequently require separate paid subscriptions to unlock full functionality within their specific integrations.
The primary differentiator regarding integrations resides at the Enterprise level. Organizations paying $17.50 per user monthly gain access to Enterprise Power-Up Administration. This security feature allows administrators to dictate exactly which external applications can connect to company boards.
| Pricing Tier | Power-Up Limit | Admin Controls over Integrations |
|---|---|---|
| Free | Unlimited | None |
| Standard ($5/user) | Unlimited | None |
| Premium ($10/user) | Unlimited | None |
| Enterprise ($17.50/user) | Unlimited | Full Power-Up Administration (Allow/Disallow specific apps) |
Enterprise administrators can view all active Power-Ups across the organization. They can instantly disallow unauthorized applications and manage API tokens from a central dashboard. This level of control is absent in the Premium tier. Security-conscious organizations must upgrade to Enterprise to prevent data leakage through unvetted external integrations.
The 2021 pricing overhaul completely commoditized basic integrations. By making Power-Ups free for all users, Atlassian shifted the value of paid tiers toward administrative control and data security. The Free plan provides the exact same integration capabilities as the Premium plan. The only restriction involves the limit of 10 collaborators imposed on free workspaces in April 2024. Teams requiring strict oversight of connected applications have no choice but to adopt the Enterprise model.
The evolution of the Power-Up directory reflects Atlassian’s broader strategy to integrate Trello into enterprise workflows. In 2018, the directory housed 80 integrations. By January 2024, data from Blue Cat Reports confirmed the directory contained 334 distinct Power-Ups. The fastest growing integrations include Outlook Calendar sync, data export tools, and Agile story point calculators. Atlassian maintains its own suite of free Power-Ups, but external developers dominate the directory.
The financial cost of integrations shifts from Atlassian to external developers. While Trello does not charge users to install a Power-Up, the developers of those Power-Ups frequently require monthly subscriptions. A team using the Free tier can install 20 Power-Ups, but they must pay the external developers directly for premium features. This creates a hidden cost structure for teams relying heavily on external tools.
Enterprise Power-Up Administration provides a granular method for managing these external connections. By default, the administration feature is turned off. When an administrator activates the feature, Trello immediately disallows all Power-Ups not currently in use across the enterprise. Administrators can then manually approve specific applications. This prevents employees from connecting unverified tools to company data.
The API Tokens tab within the Enterprise dashboard grants administrators visibility into personal server tokens. These tokens represent authorizations granted by enterprise members to external integrations and mobile applications. Administrators can filter these tokens by Power-Up type and delete them to revoke access instantly. Trello restricts administrators from viewing the specific names of external Power-Up integrations in this view. Administrators must delete all external integration tokens authorized by a specific user to ensure complete revocation.
The difference between the Premium and Enterprise tiers becomes clear during security audits. Premium workspaces do not have the centralized dashboard required to monitor API token generation. If a user in a Premium workspace authorizes a malicious external application, administrators have no native method to detect or revoke that specific token. The Enterprise tier solves this problem by enforcing a hierarchical permission model for all connected applications.
What was the financial impact of the 2024 paywall shift?
The introduction of the 10 collaborator limit forced thousands of small businesses into paid tiers. Atlassian leveraged this restriction to convert dormant free users into recurring revenue streams. The policy change directly aligned Trello with the monetization strategies of other Atlassian products like Jira and Confluence.
On April 8, 2024, Atlassian enacted a strict cap on free Trello workspaces. The company restricted these free environments to a maximum of 10 collaborators. Workspaces exceeding this number faced a hard deadline of May 20, 2024. After that date, Atlassian converted noncompliant free workspaces into a view only mode. This forced organizations to either remove team members or purchase a paid subscription. The Standard plan costs five dollars per user per month. The Premium plan costs ten dollars per user per month. This aggressive monetization tactic yielded immediate financial results for the parent company.
Atlassian reported total revenue of 1.13 billion dollars for the fourth quarter of fiscal year 2024, which ended on June 30, 2024. This figure represented a 20 percent year over year increase. Subscription revenue jumped 34 percent during the same period. The forced migration of free Trello users directly contributed to this surge in paid cloud subscriptions. The company closed out fiscal year 2024 with 4.4 billion dollars in total revenue. The financial data proves that restricting access to core features successfully pushed users to open their wallets.
The financial momentum continued into the next fiscal year. For the first quarter of fiscal year 2025, ending September 30, 2024, Atlassian posted 1.188 billion dollars in total revenue. Subscription revenue grew by 33 percent year over year to reach 1.132 billion dollars. Cloud revenue specifically increased by 26 percent. The conversion of free Trello accounts into paid seats played a clear role in sustaining these high growth percentages. Atlassian executives noted that cloud migrations and premium upsells drove strong growth across their entire software portfolio.
By the first quarter of fiscal year 2026, ending in late 2025, Atlassian reached 1.43 billion dollars in total quarterly revenue. Cloud revenue hit 998 million dollars, marking another 26 percent year over year increase. The remaining performance obligations for the company grew by 42 percent to 3.3 billion dollars. These metrics show that the decision to restrict free Trello workspaces successfully locked users into long term financial commitments. The company reported a net revenue retention rate of 120 percent during this period. This high retention rate indicates that once users upgraded to paid Trello plans, they rarely downgraded or canceled their subscriptions.
| Fiscal Quarter | Total Revenue | Subscription Revenue Growth | Cloud Revenue Growth |
|---|---|---|---|
| Q4 FY24 Ended June 2024 | 1.13 Billion Dollars | 34 Percent | 31 Percent |
| Q1 FY25 Ended Sept 2024 | 1.188 Billion Dollars | 33 Percent | 26 Percent |
| Q1 FY26 Ended Sept 2025 | 1.43 Billion Dollars | Not Disclosed | 26 Percent |
The 2024 paywall shift eliminated the generous free tier that originally popularized Trello. Atlassian used the massive user base of the platform to drive enterprise sales and cloud migrations. This strategy mirrors the exact playbook Atlassian used to monetize Jira Software and Confluence. The company prioritized predictable recurring revenue over raw user acquisition. The financial data confirms that the 10 collaborator limit achieved its primary goal of extracting maximum capital from the existing Trello user base. Small teams that relied on the free version for years suddenly found themselves paying hundreds of dollars annually to maintain their established workflows.
Atlassian also benefited from reduced server costs. By forcing large inactive or highly populated free workspaces into view only mode, the company decreased the computing resources required to maintain non paying accounts. This cost reduction method improved gross margins. The company reported an 85 percent gross margin in late 2024. The combination of higher subscription revenue and lower free tier maintenance costs created a highly profitable environment for Atlassian. The Trello paywall shift stands as a clear example of how corporate acquisitions eventually lead to the monetization of previously free digital tools.
What data visualization charts represent the pricing shift?
The multi coloured chart above illustrates the financial reality for a 15 person team. A workspace that cost zero dollars in 2023 now requires a 900 dollar annual commitment under the Standard plan.
Prior to April 8, 2024, Atlassian permitted unlimited collaborators on free Trello workspaces. The policy update capped free workspaces at 10 collaborators, counting members, guests, and pending invitations. Workspaces exceeding this limit entered a view only mode on May 20, 2024, disabling card edits and board modifications.
To retain edit access for 15 users, administrators must purchase a paid subscription. The Standard plan costs 5 dollars per user per month billed annually, totaling 60 dollars per user per year. Multiplying 60 dollars by 15 users yields 900 dollars annually.
| Plan Tier | Monthly Cost Per User (Annual Billing) | Annual Cost for 15 Users |
|---|---|---|
| Free | $0 | N/A (Capped at 10 users) |
| Standard | $5 | $900 |
| Premium | $10 | $1,800 |
| Enterprise | $17.50 | $3,150 |
The Premium tier doubles the financial requirement to 1,800 dollars annually for the same 15 users. Enterprise pricing comes to 3,150 dollars annually for a 15 person group. This pricing structure forces organizations to audit their user lists and remove inactive accounts to avoid recurring charges.
How do workspace administrative controls differ between Free and Enterprise tiers?
Administrative authority varies strictly by subscription tier. In a Free workspace, all members receive admin status by default. Any user can invite new members, remove existing guests, edit the workspace profile, and change visibility settings. This open structure creates security risks for organizations, as no single administrator holds exclusive control over board access. Free workspaces cannot assign read only roles; every member holds full editing privileges.
The Enterprise tier centralizes governance through an Enterprise Admin Dashboard. Administrators manage members, workspaces, and boards from a single interface. Enterprise controls include enforcing SAML single sign on via Atlassian Guard, which secures user authentication. Administrators also set organization wide visibility rules and restrict data from leaving the enterprise environment. The system allows administrators to assign multi board guest status, granting external contractors access to specific boards without consuming a paid license.
Enterprise administrators dictate which Power Ups and attachment types users can install. This prevents employees from connecting unauthorized third party applications to company boards. Free tier users cannot restrict Power Up installations, leaving boards open to external software integrations.
What specific compliance standards does Trello Enterprise meet?
Atlassian built Trello Enterprise to satisfy strict corporate security requirements. The platform complies with ISO 27001, SOC 2, and PCI DSS standards. These certifications verify that Trello maintains documented security practices and protects payment card data. The Cloud Security Alliance recognizes Trello for its adherence to a common controls framework.
Trello encrypts data at rest and in transit across all tiers, but Enterprise adds advanced user provisioning. The system integrates with SCIM for automated user lifecycle management. When an employee leaves a company, the SCIM integration automatically revokes their Trello access, preventing unauthorized data retrieval.
The platform guarantees 99.99 percent uptime for Enterprise customers. This service level agreement ensures continuous access to project data. Free tier users do not receive uptime guarantees or priority support.
What is the final verdict on the 2026 state of Trello?
Trello operates as a fully monetized enterprise platform in 2026. The April 2024 collaborator limit eliminated the free utility that originally drove the software’s user acquisition. By capping free workspaces at 10 users, Atlassian forced thousands of organizations to either pay for Standard licenses or migrate to alternative tools.
The January 2024 data scrape, which exposed 15 million user records, demonstrated vulnerabilities in the platform’s API architecture. A threat actor exploited an unauthenticated REST API endpoint to link private email addresses from previous breaches with public Trello profiles. Atlassian responded by requiring authentication for the API, yet the exposed data remains circulating on hacking forums.
Organizations evaluating Trello must calculate the exact cost per user and assess their administrative requirements. The Free tier serves individual users and small groups, while the Premium and Enterprise tiers provide the centralized control necessary for corporate security. The transition from a free Kanban board to a paid enterprise tool is complete.
What are the hidden costs of the Trello ecosystem?
Base subscription fees do not represent the total cost of ownership. Essential Power Ups developed by third party partners require separate subscription fees. Teams relying on advanced reporting or specialized time tracking integrations frequently pay premium rates to external developers. These hidden costs rapidly escalate the monthly expenditure per user.
Atlassian markets Trello with a straightforward pricing structure. The Standard plan costs $5 per user per month. The Premium plan costs $10 per user per month. The Enterprise tier costs $17.50 per user per month. In August 2021, Atlassian removed the strict one Power Up limit for free workspaces. The company announced that all users could install unlimited Power Ups. This marketing language created a widespread misconception. Trello allows unlimited installations, yet Atlassian does not cover the licensing fees for third party applications. Users must purchase separate subscriptions directly from external developers to use advanced features.
Time tracking represents a major hidden expense for project managers. Trello provides no native time tracking capabilities. Teams must install external Power Ups to log billable hours or monitor employee productivity. The Everhour Time Tracking Power Up charges a flat rate of $10 per month per workspace. Planyway offers calendar and time tracking features but restricts advanced reporting to its paid tiers. Teams that need to export timesheets or calculate billable amounts must absorb these secondary subscription costs. The financial responsibility shifts from the primary software provider to a network of independent creators.
Advanced reporting and analytics introduce additional financial pressure. Trello provides basic Dashcards for free. Teams requiring granular data visualization must look elsewhere. Screenful develops a popular suite of project management Power Ups. Starting January 1, 2026, Screenful consolidated its tools into a single bundle. This bundle includes Card Size, Card Priority, Card Dependencies, Epic Cards, and Scaled features. Screenful charges $14.90 per month or $99 per year for this bundle. Financial tracking tools follow the same model. The Finance Wallet Expenses Income Summary Power Up charges $4.99 per month or $49 per year to remove upgrade badges and unlock full budget monitoring capabilities.
Security and administrative controls also drive up the total cost of ownership. Trello includes basic two factor authentication on all plans. Organizations requiring Single Sign On and enforced two factor authentication must purchase Atlassian Guard. This security service costs an additional $4 per user per month for non Enterprise customers. A company with fifty employees on the Premium plan pays $500 monthly for Trello. Adding Atlassian Guard increases the monthly bill by $200. If that same company uses the Screenful bundle and Everhour, the total monthly expenditure climbs to $724.90. The base price only covers the visual board interface.
| Power Up or Service | Developer | Verified Cost | Primary Function |
|---|---|---|---|
| Time Tracking | Everhour | $10.00 per month | Billable hours and budget tracking |
| Power Ups Bundle | Screenful | $14.90 per month | Epics, dependencies, and card sizing |
| Finance Wallet | Eve Levi | $4.99 per month | Expense and income tracking |
| Atlassian Guard | Atlassian | $4.00 per user per month | Single Sign On and enforced security |
These fragmented billing structures complicate procurement for corporate clients. Administrators must manage multiple vendor contracts instead of a single Atlassian invoice. When a third party developer increases prices, the Trello ecosystem becomes more expensive to maintain. The absence of native enterprise features forces companies to rely on external developers. This reliance creates a volatile pricing environment. Teams budgeting for Trello must calculate the exact combination of Power Ups required to achieve their operational goals. Failing to account for these external subscriptions results in severe budget overruns.
Data export and backup solutions present additional financial requirements. Trello allows basic CSV exports on paid plans. Companies needing automated backups or specialized data compliance tools must purchase dedicated Power Ups. Rewind Backups for Trello charges a separate monthly fee to protect board data from accidental deletion. Without this third party service, users risk permanent data loss if a team member deletes a board. The core application does not provide a native trash bin for restoring deleted boards. Businesses must pay external vendors to secure their proprietary information.
The reliance on third party developers also introduces operational risks. If an independent developer abandons a Power Up, teams lose access to essential workflow tools. Atlassian does not guarantee the maintenance or security of external integrations. Companies paying for these add ons must conduct independent security audits for each vendor. This auditing process requires dedicated IT hours. The hidden costs extend beyond monthly subscription fees. They include the administrative labor required to vet, purchase, and manage a patchwork of independent software tools.
What is the final operational verdict on Trello for enterprise and free users in 2026?
Fifteen years after its 2011 launch, Trello operates under a strictly metered financial model that prioritizes enterprise conversions over free user acquisition. The platform maintains a 12.0% share of the task management market, positioning it behind Todoist at 15.0% and Microsoft To Do at 14.0%, yet ahead of Asana at 11.0% and Monday.com at 9.0%. Traffic metrics from early 2025 show consistent usage, with the platform recording 76.75 million website visits in January 2025 before settling at 74.49 million in February 2025. Even with these high traffic volumes, adoption rates among project management software buyers dropped to 5% by March 2026.
The April 2024 policy changes permanently altered the free tier experience. Atlassian imposed a strict limit of 10 collaborators on free workspaces, which included guests and pending invitations. Prior to this update, organizations routinely operated massive free boards with hundreds of contributors. By May 2024, workspaces exceeding this cap were forced into a view only mode, disabling all board modifications until administrators reduced the user count or purchased a premium subscription. This enforcement method successfully converted high volume free users into paying customers, directly contributing to Atlassian reporting $1.13 billion in total revenue for the fourth quarter of fiscal year 2024. Cloud revenue grew 31% year over year during that same period, driven heavily by paid seat expansion and forced migrations from these restricted free tiers. The company also reported an operating income of $222.0 million for that quarter, proving the financial viability of their aggressive monetization strategy.
Enterprise adoption metrics show a clear divide in how different organizational sizes use the software. As of March 2026, Trello captures an 11% adoption rate among enterprise companies, compared to 9% in the mid market and just 4% among small to medium businesses. The platform functions primarily as a low barrier entry point that feeds the broader Atlassian product ecosystem. Enterprise users receive advanced security measures, cross board reporting, and integrations with Atlassian Intelligence tools like Rovo, while free users face strict operational boundaries.
| Task Management Platform | 2025 Market Share | Market Position Indicator |
|---|---|---|
| Todoist | 15.0% | |
| Microsoft To Do | 14.0% | |
| Trello | 12.0% | |
| Asana | 11.0% | |
| ClickUp | 10.0% | |
| Monday.com | 9.0% | |
Demographic data from 2025 indicates that Trello relies heavily on direct website visits, which account for 83.5% of its web traffic. This metric points to high brand familiarity and established user habits, contrasting sharply with competitors who rely on paid acquisition. The user base skews slightly male at 54.52%, with the 25 to 34 age group representing the largest segment at 29.92%. Geographically, the United States leads adoption with 20,195 companies using the software, followed by the United Kingdom with 3,876 companies and Brazil with 3,214 companies. In the broader Enterprise Resource Planning sector, Trello managed to secure a 4.8% market slice, competing directly with heavyweights like SAP and Oracle NetSuite for task management integrations. This positioning proves that while Trello lost favor among small free teams, it successfully integrated itself into massive corporate infrastructures.
The final operational assessment of Trello in 2026 confirms its transition from an independent productivity tool to a structured corporate asset. The software no longer functions as an unrestricted digital whiteboard for large, unfunded teams. Atlassian successfully monetized the user base by restricting core functionalities, forcing organizations to either pay for premium tiers or migrate to competing platforms. For enterprise clients, Trello remains a highly functional, visual node within a larger software ecosystem. These paying customers receive continuous updates, including advanced artificial intelligence processing and automated workflow generation. For free users, the platform is now a strictly limited trial environment. The era of building entire companies on the free version of Trello ended definitively in 2024. Today, the software serves as a calculated revenue generator for Atlassian, trading grassroots goodwill for verified enterprise profitability.
What is the final investigative verdict in this investigative Trello Review?
Atlassian purchased Trello for 425 million dollars in January 2017. The platform originally grew through unrestricted free access. The parent company systematically eliminated these free collaboration features over time.
Starting April 8, 2024, Atlassian capped free workspaces at 10 collaborators. By May 20, 2024, any free workspace exceeding 10 members entered a restricted state where users could only view boards. Teams must now pay 5 dollars per user per month for the Standard plan or 10 dollars per user per month for the Premium plan to restore editing capabilities. The Enterprise tier costs 17.50 dollars per user per month for a minimum of 50 users.
Security measures failed in January 2024. A threat actor named emo exploited a public REST API endpoint. The attacker fed 500 million known email addresses into the unsecured API. This method successfully scraped the public profiles and private email addresses of 15 million Trello users. The exposed data appeared on a hacking forum. Atlassian subsequently modified the API to require authentication for public profile queries.
The platform remains functional for basic task management. Yet the product demands a premium price for team expansion and carries a documented history of serious data exposure.
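The January 2024 scrape described in both verdict sections relied on one client submitting a very large number of different email addresses to a single lookup endpoint. As an added example (not Trello's or Atlassian's code), the detector below flags any client that queries more than a set number of distinct addresses inside a sliding window; the endpoint path, log layout, thresholds and sample log lines are assumptions constructed for this illustration.

```python
"""Detect email enumeration against a profile-lookup endpoint (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Assumptions for this illustration: the endpoint path, the log layout
# "timestamp client session METHOD url status" and both thresholds are
# constructed here; they are not Trello's real API or log format.
LOOKUP_PATH = "/api/members/search"
WINDOW = timedelta(minutes=5)
MAX_DISTINCT_EMAILS = 5  # distinct addresses one client may query per window


def parse_line(line):
    """Return the lookup event in one log line, or None if it is not one."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, session, method, url, status = parts
    target = urlsplit(url)
    emails = parse_qs(target.query).get("email", [])
    if method != "GET" or target.path != LOOKUP_PATH or not emails:
        return None
    try:
        return {
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "authenticated": session != "-",
            # Normalise so User@Example.com and user@example.com count once.
            "email": emails[0].strip().lower(),
            "status": int(status),
        }
    except ValueError:  # malformed timestamp or status code
        return None


def find_enumeration(lines, window=WINDOW, limit=MAX_DISTINCT_EMAILS):
    """Return {client: stats} for clients exceeding `limit` distinct emails per window."""
    recent = defaultdict(deque)  # client -> (timestamp, email) pairs still in the window
    stats = defaultdict(lambda: {"requests": 0, "unauthenticated": 0, "hits": 0,
                                 "peak_distinct": 0, "first_alert": None})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["client"]]
        s["requests"] += 1
        s["unauthenticated"] += int(not ev["authenticated"])
        s["hits"] += int(ev["status"] == 200)  # a low hit ratio suggests guessing
        q = recent[ev["client"]]
        q.append((ev["ts"], ev["email"]))
        while ev["ts"] - q[0][0] > window:  # drop lookups older than the window
            q.popleft()
        distinct = len({email for _, email in q})
        s["peak_distinct"] = max(s["peak_distinct"], distinct)
        if distinct > limit and s["first_alert"] is None:
            s["first_alert"] = ev["ts"]
    return {c: s for c, s in stats.items() if s["first_alert"] is not None}


def sample_log():
    """Constructed log lines: one enumerating client and two benign ones."""
    base = datetime(2024, 1, 16, 10, 0, 0)
    lines = []
    # Client A: 8 different addresses in 35 seconds, no session, mostly misses.
    for i in range(8):
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        status = 200 if i % 4 == 0 else 404
        lines.append(f"{ts} 203.0.113.7 - GET {LOOKUP_PATH}?email=user{i}%40example.com {status}")
    # Client B: a signed-in user looking up the same colleague repeatedly.
    for i in range(7):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.20 sess-b GET {LOOKUP_PATH}?email=colleague%40example.com 200")
    # Client C: 6 different addresses, but spread 20 minutes apart.
    for i in range(6):
        ts = (base + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{ts} 192.0.2.5 sess-c GET {LOOKUP_PATH}?email=contact{i}%40example.com 200")
    return sorted(lines)


if __name__ == "__main__":
    for client, s in find_enumeration(sample_log()).items():
        print(client, s)
```

Counting distinct addresses rather than raw requests keeps a user who refreshes one profile from tripping the alert, and the same counter can back a per-client rate limit on the lookup route.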
