Security
Last updated: 2026-05-02
Forge-Native Architecture
Simple Gantt is built entirely on Atlassian Forge, Atlassian's cloud-native app platform. This means:
- No external servers. All app code runs inside Atlassian's infrastructure. We do not operate any servers, databases, or APIs outside of Atlassian.
- No data egress. Your Jira data is processed and stored entirely within Atlassian's cloud. It never leaves Atlassian's environment.
- No third-party dependencies. The app does not call external services, analytics platforms, or tracking scripts at runtime.
Data Storage
Simple Gantt stores Gantt-specific data (project configurations, phases, baselines, change history, and settings) using Forge Storage, Atlassian's built-in storage service. This data:
- Is encrypted at rest and in transit by Atlassian
- Is scoped to your Atlassian site and not accessible by other tenants
- Inherits your Atlassian data residency settings automatically
- Is deleted when the app is uninstalled
Permissions
Simple Gantt requests only the minimum scopes required to function:
| Scope | Purpose |
|---|---|
| read:jira-work | Read issues, projects, and users for Gantt chart display |
| write:jira-work | Update issues when you make changes through Simple Gantt |
| read:board-scope:jira-software | Read board data for sprint overlay |
| read:sprint:jira-software | Read sprint data for sprint overlay |
| storage:app | Store Gantt configurations, baselines, and settings |
Additional read-only scopes (read:field:jira, read:project:jira, read:user:jira, etc.) are used to display field configurations, project metadata, and user information within the app.
Authentication and Access Control
- Simple Gantt uses Atlassian's built-in authentication. No separate login, API keys, or personal access tokens are required.
- The app respects your existing Jira permission scheme. Users can only see and edit issues they already have access to in Jira.
- Admin-only features (like JQL configuration) follow Jira's project admin permissions.
What We Don't Do
- We do not collect, store, or process personal information outside of Atlassian
- We do not log user data to external systems
- We do not use cookies, analytics trackers, or third-party scripts in the app
- We do not share, sell, or transfer your data to any third party
- We do not require shared secrets, passwords, or personal access tokens
Vulnerability Reporting
If you discover a security vulnerability in Simple Gantt, please report it to support@getsimplegantt.com. We take all reports seriously and will respond promptly.
Contact
For security questions: support@getsimplegantt.com