SProbot is built and run on a foundation of security and privacy.

1. Information processing principles

By design, SProbot follows least-privilege and data minimisation principles and does not process or store any more data than it needs to enable its functionality.

2. Data ingested from the tenant

SProbot leverages Azure’s comprehensive data protection features to ensure your information is secure at all stages - during transit, at rest, and in use.

2.1. During tenant connection

When you connect SProbot to your tenant, a container is created for the tenant within SProbot. At this point, the only data stored is:

• Tenant Azure ID
• Tenant URL
• Basic user data (Azure ID, Username, Displayname) of the user designated as tenant admin (by default the SProbot account admin)

2.2. During indexing

Each time an index and crawl runs, SProbot gets a list of SharePoint sites in your tenant and retrieves the following metadata about each site and of files identified as of interest:

• Name
• Description
• Site URL
• Teams URL
• Channels
• Group owners
• Site owners
• Sharing settings
• Sharing links
• Guest users
• Access request setting
• External file sharing setting
• Group guest access setting
• Sensitivity label
• Created date
• Created by
• Last actitivity date
• Storage quota
• Storage quota notification %
• Storage used
• Restricted Access Control setting
• Restricted Content Discovery setting
• Associated hub
• Version history

2.3. During crawling

• File name
• File extension
• File size
• Container URL
• Last modified
• Last modified by
• Version data

2.4. User data

• When a user signs into the Teams app, their basic user data is stored to enable tracking of their assigned actions, and action history.

3. Data processed during interaction with the Teams app

When a user opens the Teams app, their basic user data is stored and then used to identify them to enable unique actions and history to be displayed for them.

4. Data processed and stored by AI assessment

The AI assessment process entails ingesting, indexing, generative AI description and evaluation, and storage of generated metadata.

4.1. Ingested from the tenant during assessment

For each site in the directory, SProbot ingests:

• Site name
• List names
• Column names
• Folder names
• File names

4.2. Processed during assessment

The ingested information is temporarily stored in Azure storage only during the indexing and generative AI description process for each site, and then deleted immediately after the site's processing has been completed.

4.3. Stored during assessment

The following metadata is generated by the AI service and stored within SProbot for each site in the directory:

• Description - This is worded in generic language and is designed to exclude personal and other sensitive information (due to the nature of generative AI this is best-effort and cannot be guaranteed)
• Topic tags

5. Data NOT stored in SProbot

SProbot never stores:

• Account credentials
• Site templates
• Site contents in the form of documents or list items (partial site contents such as pages and images contained in pages are processed but not stored during provisioning)