Security: Runs on Atlassian
Insights and charts is built entirely on Atlassian Forge. Unlike connected charting apps that copy your Jira data to a third-party cloud, everything here runs within Atlassian's infrastructure. For security-sensitive teams this is the headline difference.
Your data never leaves Atlassian
- No external servers — the app doesn't run on any third-party infrastructure.
- No data egress — your issues, comments, history, and the dashboards you build stay within Atlassian.
- No third-party analytics or logging — there are no external trackers in the data path.
- No external API tokens — authentication is handled by Atlassian's platform.
Charts are computed from your Jira data in your browser and from Jira's own index; precomputed metrics and dashboard definitions are stored in Forge storage, inside Atlassian. Even file exports (CSV/Excel/PNG/PDF) are produced locally in your browser.
Scoped permissions
The app requests only what it needs, all reviewable in the Marketplace before you install:
| Permission | Purpose |
|---|---|
read:jira-work, read:issue-details:jira, read:jql:jira | Read issues and run JQL to build charts. |
read:jira-user | Resolve assignees and other user references. |
read:project:jira, read:filter:jira | List projects and saved filters as datasets. |
read:board-scope:jira-software, read:sprint:jira-software | Read boards and sprint data for velocity and burndown. |
write:jira-work | Store precomputed analytics as issue properties for indexing derived metrics (cycle time, time-in-status, reopens). It does not modify your issues' fields, comments, or workflow. |
storage:app, read:app-data:jira, write:app-data:jira | Save dashboards, view state, and gadget configuration in Forge storage. |
Atlassian-managed infrastructure
Forge provides automatic runtime security updates, sandboxed per-app execution, and runs on Atlassian's infrastructure, which holds certifications including SOC 2 Type II and ISO 27001, with GDPR compliance and data-residency options. Data stays in your Atlassian cloud region. See the Atlassian Trust Center.
Frequently asked questions
Does Insights and charts store my data externally?
No. All storage uses Forge storage within Atlassian's infrastructure.
Does it modify my issues?
No. The write:jira-work scope is used only to write indexed analytics properties for derived metrics. Your fields, comments, statuses, and workflow are never changed.
Can it access every project?
Only projects where the app is installed and where your Jira permissions already allow access. The app reads as the user.
Is my data encrypted?
Yes — Atlassian encrypts data at rest and in transit, and Forge storage uses Atlassian's encryption standards.
What happens if I uninstall?
Forge storage data is removed according to Atlassian's data-retention policies.