SProbot is built and run on a foundation of security and privacy.

1. Information processing principles

By design, SProbot follows least-privilege and data minimisation principles and does not process or store any more data than it needs to enable its functionality.

2. Data ingested from the tenant

SProbot leverages Azure’s comprehensive data protection features to ensure your information is secure at all stages - during transit, at rest, and in use.

2.1. During tenant connection

When you connect SProbot to your tenant, a container is created for the tenant within SProbot. At this point, the only data stored is:

• Tenant Azure ID
• Tenant URL
• Basic user data (Azure ID, Username, Displayname) of the user designated as tenant admin (by default the SProbot account admin)

2.2. During initial and subsequent crawls

Each time a crawl runs, SProbot gets a list of SharePoint sites in your tenant and retrieves the following metadata about each site, which is then stored in the directory:

• Name
• Description
• Site URL
• Teams URL
• Channels
• Group owners
• Site owners
• Sharing settings
• Sharing links
• Guest users
• Access request setting
• External file sharing setting
• Group guest access setting
• Sensitivity label
• Created date
• Created by
• Last actitivity date
• Storage quota
• Storage quota notification %
• Storage used
• Restricted Access Control setting
• Associated hub

3. Data processed and stored during provisioning

3.1. Template data

When sites are provisioned from templates, SProbot:

1. Reads the source site's template information and generates a temporary PnP provisioning template
2. Creates a blank site
3. Applies the PnP template to the site
4. Applies the security and other governance settings configured within SProbot
5. Discards the temporary template

When teams are provisioned from templates, SProbot:

1. Reads the available templates published on the tenant
2. Creates a team using the relevant template
3. Applies the security and other governance settings configured within SProbot

In neither of the two provisioning processes is template information permanently stored, it is only processed during provisioning.

3.2. User data

• When a user is assigned as an approver for workspace creation, their basic user     data (Username, Displayname) is stored to enable approval processing.
• When a user signs into the Teams app, their basic user data is stored to enable     tracking of their provisioning requests, assigned actions, and action history.

4. Data processed during interaction with the Teams app

When a user opens the Teams app, their basic user data is stored and then used to identify them to enable unique actions and history to be displayed for them.

5. Data processed and stored by AI assessment

The AI assessment process entails ingesting, indexing, generative AI description and evaluation, and storage of generated metadata.

5.1. Ingested from the tenant during assessment

For each site in the directory, SProbot ingests:

• Site name
• List names
• Column names
• Folder names
• File names

5.2. Processed during assessment

The ingested information is temporarily stored in Azure storage only during the indexing and generative AI description process for each site, and then deleted immediately after the site's processing has been completed.

5.3. Stored during assessment

The following metadata is generated by the AI service and stored within SProbot for each site in the directory:

• Description - This is worded in generic language and is designed to exclude personal and other sensitive information (due to the nature of generative AI this is best-effort and cannot be guaranteed)
• Topic tags

6. Data NOT stored in SProbot

SProbot never stores:

• Account credentials
• Site templates
• Site contents in the form of documents or list items (partial site contents such as pages and images contained in pages are processed but not stored during provisioning)