What tenant data is processed and stored by SProbot

By design, SProbot follows least-privilege and data minimisation principles and does not process or store any more data than it needs to in order to enable its functionality.

Data imported from the tenant

During tenant connection

When you connect SProbot to your tenant, a container is created for the tenant within SProbot. At this point, the only data stored is:

• Tenant Azure ID
• Tenant URL
• Basic user data (Azure ID, Username, Displayname) of the account configured as tenant admin

During initial and daily import

Each time an import runs, SProbot gets a list of SharePoint sites in your tenant and retrieves the following metadata about each site, which is then stored in the directory:

• Name
• Description
• Site URL
• Teams URL
• Channels
• Group owners (if applicable)
• Site owners (if applicable)
• Sharing settings
• Access request setting
• External file sharing setting
• Group guest access setting
• Created date
• Created by
• Last activity date
• Storage quota
• Storage quota notification %
• Storage used
• File count
• Associated hub

The basic user data for all users who are group and site owners is also stored at this point to enable admin actions such searching, filtering and assignment.

Data processed and stored during workspace provisioning

Template data

When sites are provisioned from templates, SProbot:

1. Reads the source site's template information and generates a temporary PnP provisioning template
2. Creates a blank site
3. Applies the PnP template to the site
4. Applies the security and other governance settings configured within SProbot
5. Discards the temporary template

When teams are provisioned from templates, SProbot:

1. Reads the available templates published on the tenant
2. Creates a team using the relevant template

In neither of the two provisioning processes is template information permanently stored, it is only processed during provisioning.

User data

• When a user is assigned as an approver for workspace creation, their basic user data (Username, Displayname) is stored to enable approval processing.
• When a user signs into the Teams app, their basic user data is stored to enable tracking of their provisioning requests, assigned actions, and action history.

Data processed and stored during interaction with the Teams app

When a user opens the Teams app, their basic user data is stored to identify them and enable unique actions and history to be displayed for them.

Data processed and stored by AI enrichment

The AI enrichment process entails ingesting, indexing, generative AI description, and storage of generated metadata.

Ingested from the tenant during enrichment

For each site in the directory, SProbot ingests:

• List names
• Column names
• Folder names
• File names

Processed during enrichment

The ingested information is temporarily stored in Azure storage only during the indexing and generative AI description process for each site, and then deleted immediately after the site's processing has been completed.

Stored during enrichment

The following metadata is generated by the AI service and stored within SProbot for each site in the directory:

• Description - This is worded in generic language and is designed to exclude personal and other sensitive information (due to the nature of generative AI this is best-effort and cannot be guaranteed)
• Topic tags

Data NOT stored in SProbot

SProbot never stores:

• Account credentials
• Site templates
• Site contents in the form of documents or list items (partial site contents such as pages and images contained in pages are processed but not stored during provisioning)