"No data leaves your browser" sits right under the ROADagile logo — a bold claim. For teams in regulated industries, TISAX-certified environments, or organizations operating under ISO 27001, it's either a decisive advantage or an empty promise. This article explains exactly what it means in practice — and how you can verify it yourself without taking our word for it.

The short version: ROADagile is not a conventional web application with a backend. Your CSV file, your planning data, and all calculations stay entirely within your browser tab. There is no server receiving or storing your data — because none is needed.

The problem with cloud planning tools

Most planning tools — whether SaaS roadmap tools, Jira plugins, or AI-driven portfolio managers — follow the same pattern: you upload your data, a server processes it, and the result comes back to you. Convenient, but it creates a fundamental data exposure problem.

Your Jira CSV contains more than ticket IDs. It contains project names, feature descriptions, team assignments, story point estimates, and strategic priorities — in short, a detailed view into your product strategy and delivery capacity. In a cloud tool, that data lands on third-party servers, raising questions about data residency, sub-processors, and auditability.

In automotive or industrial organizations subject to TISAX requirements, this isn't a theoretical concern. It's often a hard blocker for external tooling.

How browser-first processing works

Modern browsers are not simple display programs. They contain powerful runtime environments capable of running complex calculations directly on your device — without any data having to leave it.

ROADagile is built around this capability. All planning logic — CSV parsing, hierarchy construction, timeline calculation, Gantt rendering — runs as code inside your browser tab. This is a client-side application: the code is downloaded once on first load, and from that point on, everything runs locally.

Three steps illustrate how this works in practice:

Step 1 — File import

The CSV is read locally

When you select a CSV file, the browser accesses it directly from your device. The file is not uploaded. No network request is made. The file contents are held exclusively in your device's working memory.

Step 2 — Planning and calculation

All computation runs in the tab

Column detection, SAFe hierarchy mapping, capacity-based scheduling — everything happens within the same browser tab. No request leaves your machine. You can even use ROADagile offline once the page has loaded.

Step 3 — Saving and sharing

Sessions stay on your device

When you save a planning session, a JSON file is downloaded to your local device — like any normal file download. When sharing via URL, the planning state is encoded as a hash in the address bar. There is no central server where sessions are stored.

Verify it yourself: the network test

Trust is good. Verifiability is better. You don't have to take our word for any of this — you can confirm it directly in your browser.

How to check

Open ROADagile in your browser and press F12 (or right-click → "Inspect"). Switch to the Network tab. Now import a CSV file and run a planning session. You will see: no requests are sent to any external server during the entire planning process. The only network activity on first load is the application files themselves — after that, silence.

Any security officer can run this test in two minutes. No need to trust a privacy policy — just an open browser DevTools panel.

What this means for TISAX and ISO 27001

In regulated environments, the central question for any tool is: what data leaves the corporate network, and where does it go?

For ROADagile, the answer is clear: planning data does not leave the device. There is no third-party vendor to qualify as a sub-processor. No servers in unknown jurisdictions. No data processing agreement (DPA) required for the planning process itself.

This significantly simplifies risk assessment:

Note: Matomo web analytics is active on the website, but with cookies disabled and no transmission of personal data. It does not touch planning data in any way.

Browser-first vs. conventional SaaS

Aspect ROADagile Typical SaaS tool
CSV processing Locally in browser Uploaded to server
Planning calculations In the browser tab Server-side
Offline use Possible after first load Always requires connectivity
Works behind firewalls Yes, no external API calls Usually not
DPA / data agreement needed Not for planning data Required
Self-verification possible Directly via browser DevTools Requires vendor audit

The honest trade-offs

Browser-first processing has real advantages — but also clear limitations we won't hide.

No real-time collaboration: Multiple people cannot work simultaneously on the same session the way they would in a shared Google Doc. The plan is shared via session export or URL.

No AI-assisted planning: Features like automated prioritization suggestions from an AI model would require a backend. That's a deliberate choice: we prioritize data security over AI features.

No cloud-hosted planning history: Planning sessions don't exist "in the cloud" — they live on your device. This is by design, not a limitation of resources.

Teams that accept these trade-offs get a tool that can withstand scrutiny in TISAX audits, ISO 27001 certifications, and regulated industrial environments — without any workarounds.

Conclusion

"No data leaves your browser" is not a marketing slogan. It's a direct consequence of the architecture. ROADagile has no backend processing your planning data — because the core use case doesn't need one. Your Jira exports, feature descriptions, and roadmap decisions stay where they belong: on your device.

If you'd rather not take our word for it, you can verify it in two minutes. That's the real difference from a privacy statement buried in the terms of service.

Be there at launch

ROADagile is opening up for teams soon. Join the mailing list to be among the first to hear — including guidance on rolling it out in regulated environments.

Join the mailing list