Privacy Policy

Data Collection

This service collects and processes the following data to provide monitoring functionality:

  • Device hardware information (manufacturer, model, serial number)
  • Autopilot provisioning session data (status, events, timestamps)
  • Azure AD/Entra ID tenant information
  • User authentication information (UPN, display name, tenant ID)
  • Operational telemetry and audit logs
  • Anonymized usage telemetry (via Azure Application Insights, no cookies) — used to understand which features are used and improve the service. No personal data is transmitted.

Data Processing Context

During an Autopilot enrollment, the user authenticates solely to verify their identity and initiate the process. After that, the user is not actively interacting with the device while provisioning runs. As a result, the data collected by the monitoring agent consists exclusively of technical enrollment events — no user activity, browsing data, or personal content is captured.

Tenant administrators retain full control over collected data through the following options:

  • Data Retention — configurable retention period per tenant (default 90 days); expired sessions are automatically purged
  • Delete Session — delete individual monitoring sessions on demand
  • Offboard Tenant — remove all data and configurations for a tenant from the service

These controls ensure that no personal information accumulates in the backend beyond what is necessary for enrollment monitoring. The service is designed for operational transparency, not user surveillance.

Data Storage & Security

The platform is built with a layered security architecture designed to protect data at every level:

Authentication & Device Identity

  • Device agents authenticate via Intune MDM client certificates, validated against the embedded Intune CA chain
  • Web users authenticate via Microsoft Entra ID (Azure AD) with multi-tenant JWT validation
  • Autopilot device validation via Microsoft Graph — only registered Autopilot devices are accepted
  • Optional hardware whitelist for additional device verification
  • Per-device rate limiting (sliding window) to prevent abuse

Tenant Isolation

  • Strict multi-tenant data isolation — all storage queries are partitioned by Tenant ID
  • Real-time channels (SignalR) are scoped to tenant-specific groups
  • Independent configuration, audit logs, and device management per tenant

Transport & Data Protection

  • All communication encrypted via HTTPS/TLS; real-time updates via secure WebSocket
  • Diagnostics upload URLs are issued on demand and are never persisted on the device
  • Azure Storage encryption at rest for all persisted data
  • PII logging disabled in production environments

Access Control

  • Role-based access: Tenant Admin (full tenant management), Operator, Users
  • Device blocking capabilities for compromised or unauthorized devices
  • Comprehensive audit logging of administrative actions

Data Sharing

Your data is not shared with third parties. Access is restricted to:

  • Authenticated users within your tenant
  • Global Administrators (for platform operations and support)

Your Rights

As this is an environment operated under best-effort principles, formal data subject rights (access, deletion, portability) are not guaranteed. However, we will make reasonable efforts to accommodate such requests on a case-by-case basis.