Privacy Policy

Last updated: October 28, 2025

1. Overview

AppConfig² is designed with privacy in mind. We do not collect or store any personal data on our servers. The application operates as a client-side tool within your browser, directly accessing your Microsoft Entra ID environment.

Key Privacy Principle: AppConfig² is a browser-based application where all data processing occurs locally in your browser. Your tenant data remains in your Microsoft Entra ID environment and is accessed directly via Microsoft Graph API. No customer data is permanently stored on AppConfig² servers.

Note: Testing the OAuth 2.0 client credentials flow requires a secure backend service (per the OAuth specification) to protect sensitive credentials. AppConfig² provides an optional Azure Function for this purpose, which processes data in-memory only and never logs or stores it permanently. See Section 4.4 for full details.

2. Information AppConfig² Accesses

AppConfig² is primarily a client-side application. Most data access occurs directly between your browser and Microsoft services, with no intermediary servers. To provide its functionality, AppConfig² accesses the following information within your Microsoft Entra ID tenant:

2.1 Authentication Information

  • User identity and basic profile information (name, email, tenant ID)
  • Authentication tokens for Microsoft Graph API access
  • User roles and permissions within your organization

Access Method: Direct browser-to-Microsoft authentication via the MSAL.js library. No AppConfig² servers are involved.

2.2 Application Data

  • Application registrations and their configurations
  • API permissions and consent information
  • Authentication settings and redirect URIs
  • Claims mapping policies and directory extensions
  • Application secrets metadata (not the actual secret values)

Access Method: Direct browser-to-Microsoft Graph API calls. All data remains between your browser and Microsoft services.

2.3 Directory Information

  • User and group information for provisioning features
  • Conditional access policies and their assignments
  • Directory schema and extension attributes

Access Method: Direct browser-to-Microsoft Graph API calls. All data remains between your browser and Microsoft services.

3. Local Data Storage & Caching

AppConfig² uses your browser's local storage to improve performance and user experience:

3.1 Cached Information

  • Application metadata: Names, IDs, and basic configuration data (cached for up to 5 minutes)
  • User preferences: UI settings, filter selections, and pagination preferences
  • Ownership data: Application ownership information for permission management
  • Service principal mappings: For identifying application types and configurations

3.2 Cache Management

  • Cache data is automatically purged every 5 minutes
  • All cached data is cleared when you log out
  • You can manually clear cache through browser settings
  • No cached data is transmitted to our servers

4. How We Use Your Information

Information accessed by AppConfig² is used solely for the following purposes:

4.1 Core Functionality

  • Displaying and managing your Microsoft Entra ID applications
  • Testing authentication flows and analyzing tokens
  • Creating and restoring application configuration backups
  • Providing user and permission management capabilities

Data Flow: All functionality operates directly between your browser and Microsoft services. No data passes through AppConfig² servers.

4.2 Performance Optimization

  • Caching frequently accessed data to reduce API calls (browser-side only)
  • Maintaining session state for seamless user experience (browser-side only)
  • Batching API requests to improve response times

Data Flow: All caching occurs in your browser's local storage. No data is transmitted to AppConfig² servers for caching purposes.

4.3 Security & Access Control

  • Verifying user permissions and organizational access
  • Implementing tenant allowlist security controls
  • Monitoring for unauthorized access attempts

Data Flow: Access verification happens via direct Microsoft authentication. Tenant allowlist checks may query the AppConfig² backend, but only to retrieve the list of authorized tenants.

4.4 Client Credentials Testing (Optional Feature)

AppConfig² provides an optional testing tool, Auth Flow Tester, for validating OAuth flows, including the client credentials flow:

  • Purpose: Allows you to test client credentials (application ID and secret) to verify they work correctly
  • Data Processed: Client ID, client secret or certificate, tenant ID (transmitted to AppConfig² Azure Function)
  • Processing: The function makes a token request to Microsoft's token endpoint on your behalf and returns the result
  • Retention: Data is processed in-memory only. Client credentials are never logged or stored permanently
  • Logging: Only non-sensitive metadata is logged (client ID, timestamp, success/failure status - no secrets or tokens)
  • Usage: This feature is completely optional. All other AppConfig² functionality works without using this testing endpoint

Why a Backend Service is Required: The OAuth 2.0 client credentials flow (defined in RFC 6749 Section 4.4) requires transmitting sensitive credentials (client secrets or certificates) to obtain access tokens. For security reasons, these credentials must never be exposed in browser-based applications. Any tool that tests client credentials—including AppConfig², third-party tools, or custom implementations—must use a backend service to securely handle these secrets. This is a fundamental requirement of the OAuth 2.0 specification, not specific to AppConfig².

AppConfig² Implementation: Our /get-token Azure Function serves as this secure backend. It receives credentials over encrypted HTTPS, processes them in-memory only, and never logs or stores sensitive data. If you prefer to use a different tool, that tool will similarly require a backend service to protect your credentials.

Summary: Except for the optional client credentials testing feature, no tenant data is transmitted to or stored on AppConfig² servers. The client credentials testing feature does not process or store any personally identifiable information (PII), as the client credentials flow does not involve user data.

5. Data Transmission & Security

AppConfig² implements security best practices for data handling:

5.1 Client-Side Architecture

  • AppConfig² is hosted as an Azure Static Web App - primarily static HTML, CSS, and JavaScript
  • All application logic runs in your browser
  • Most data access occurs directly between your browser and Microsoft services
  • No customer tenant data passes through AppConfig² servers during normal operations

Exception: The optional /get-token testing endpoint processes client credentials as described in Section 4.4.

5.2 Encryption

  • All data transmission uses HTTPS/TLS encryption (both to Microsoft services and AppConfig² endpoints)
  • Authentication tokens are handled securely by the MSAL.js library and are never logged
  • Local cache data is stored in the browser's localStorage and is subject to the browser's own security protections
  • Client credentials sent to /get-token endpoint are encrypted in transit and never persisted

5.3 Access Controls

  • Tenant allowlist system prevents unauthorized organizational access
  • Role-based access control respects your Entra ID permissions
  • Session timeouts and automatic logout for inactive sessions
  • Azure Function endpoints protected by Azure infrastructure security

5.4 API Security

  • All Microsoft Graph API calls use your authenticated session (OAuth2 tokens)
  • API requests are limited to necessary scopes and permissions
  • Rate limiting and error handling to prevent abuse
  • CORS policies restrict which origins can call AppConfig² endpoints

5.5 Logging & Monitoring

  • Client-side: No logging of sensitive data. Browser console may show debugging information locally.
  • Server-side (Azure Functions): Minimal logging for operational monitoring only:
    • Request timestamps and success/failure status
    • Client IDs (application identifiers - not secrets)
    • Error messages (sanitized to exclude secrets)
  • Never Logged: Client secrets, access tokens, refresh tokens, user passwords, or personal data
  • Operational logs are retained according to Azure platform defaults (typically 30-90 days, configurable by the tenant administrator). No sensitive data (such as secrets or tokens) is ever logged.

6. Third-Party Services

AppConfig² integrates with Microsoft services only:

  • Microsoft Entra ID: For authentication and identity management (direct browser-to-Microsoft connection)
  • Microsoft Graph API: For accessing and managing directory data (direct browser-to-Microsoft connection)
  • Azure Static Web Apps: For hosting the application frontend
  • Azure Functions: For hosting the optional /get-token testing endpoint
  • Azure Application Insights: For monitoring application health and performance (no personal data collected)

No other third-party services have access to your data or authentication information. We do not use third-party analytics, advertising, or tracking services.

7. Data Retention & Deletion

AppConfig² follows a minimal data retention approach:

7.1 No Permanent Storage

  • No user data or tenant data is permanently stored on AppConfig² servers
  • Session data is purged when sessions end
  • Application configurations are accessed in real-time from your Entra ID
  • Exception: Operational logs from /get-token endpoint (client ID, timestamp, status - no secrets) are retained according to Azure platform defaults (typically 30-90 days, configurable by the tenant administrator). No sensitive data (such as secrets or tokens) is ever logged.

7.2 Local Data Cleanup

  • Browser cache is automatically cleared every 5 minutes
  • Logout process removes all cached data from browser
  • Closing the browser may leave cached data in place until the next cleanup cycle
  • Users can manually clear browser cache through browser settings at any time

7.3 Backend Data Handling

  • /get-token function processes client credentials in-memory only
  • No client secrets or tokens are persisted to disk or database
  • Function execution logs are retained according to Azure platform defaults (typically 30-90 days, configurable by the tenant administrator) and contain only non-sensitive metadata
  • Logs are automatically purged from Azure infrastructure according to the configured retention policy

7.4 User Control

  • Users can revoke access permissions at any time via Microsoft Entra Admin Center
  • Administrators can remove tenant access by contacting support
  • Browser cache can be manually cleared through browser settings
  • Operational logs contain no personally identifiable information and are automatically deleted according to Azure platform retention policy

8. Your Rights & Control

You maintain full control over your data when using AppConfig²:

8.1 Access Control

  • Manage access permissions through Microsoft Entra ID admin center
  • Revoke application consent at any time
  • Control which users in your organization can access AppConfig²

8.2 Data Portability

  • All data remains in your Microsoft Entra ID tenant
  • No vendor lock-in or proprietary data formats
  • Standard Microsoft Graph API access for data export

8.3 Transparency

  • Request information about data processing activities
  • Receive notifications of any material changes to data handling
  • Contact support for privacy-related questions or concerns

9. Compliance & Regulatory Information

AppConfig² is designed to support compliance with major privacy regulations:

9.1 GDPR Compliance

  • Minimal data processing principle
  • No cross-border data transfers (data remains in your tenant)
  • User rights to access, rectify, and erase data
  • Data Protection Impact Assessment available upon request

9.2 Microsoft Trust Center

  • Builds on Microsoft's security and compliance foundation
  • Inherits Microsoft Entra ID's compliance certifications
  • Follows Microsoft's privacy and security standards

10. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in AppConfig² functionality or features
  • Updates to privacy regulations or compliance requirements
  • Improvements to our privacy practices

Significant changes will be communicated through:

  • In-application notifications
  • Email notifications to tenant administrators
  • Updates posted on our website

Continued use of AppConfig² after such updates constitutes acceptance of the revised Privacy Policy.

11. Contact & Data Protection Officer

For any privacy-related concerns, questions, or requests, please contact us:

For data subjects in the EU, you have the right to lodge a complaint with your local supervisory authority if you believe your privacy rights have been violated.