1. Overview
AppConfig is designed with privacy in mind. We do not collect or store any personal data on our servers. The application operates as a client-side tool within your browser, directly accessing your Microsoft Entra ID environment.
Key Privacy Principle: AppConfig is a browser-based application where all data processing occurs locally in your browser. Your tenant data remains in your Microsoft Entra ID environment and is accessed directly via Microsoft Graph API. No customer data is permanently stored on AppConfig servers.
Read + Write Access: Unlike read-only tools in the AppConfig² suite, AppConfig holds full read-write delegated permissions and can create, modify, and delete application registrations and related Entra ID objects. All write operations are performed on behalf of the signed-in user and require explicit user action.
Note: Testing the OAuth 2.0 client credentials flow requires a secure backend service (per the OAuth specification) to protect sensitive credentials. AppConfig provides an optional Azure Function for this purpose, which processes data in-memory only and never logs or stores it permanently. See Section 4.4 for full details.
2. Information AppConfig Accesses
AppConfig is primarily a client-side application. Most data access occurs directly between your browser and Microsoft services, with no intermediary servers. To provide its functionality, AppConfig accesses the following information within your Microsoft Entra ID tenant:
2.1 Authentication Information
- User identity and basic profile information (name, email, tenant ID)
- Authentication tokens for Microsoft Graph API access
- User roles and permissions within your organisation
Access Method: Direct browser-to-Microsoft authentication via MSAL.js library using Authorization Code Flow + PKCE. No AppConfig servers involved.
2.2 Application Data (Read & Write)
- Application registrations and their configurations — read and written
- API permissions and consent information — read and modified
- Authentication settings and redirect URIs — read and modified
- Claims mapping policies and directory extensions — read and managed
- Application secrets metadata (not the actual secret values) — read; new secrets created upon user request
- Application role assignments — read and provisioned for testing purposes
Access Method: Direct browser-to-Microsoft Graph API calls using delegated permissions (Application.ReadWrite.All and related scopes). All data flows between your browser and Microsoft services.
2.3 Directory Information (Read)
- User and group information for provisioning features
- Conditional access policies and their assignments
- Directory schema and extension attributes
Access Method: Direct browser-to-Microsoft Graph API read calls. Data remains between your browser and Microsoft services.
3. Local Data Storage & Caching
AppConfig uses your browser's local storage to improve performance and user experience:
3.1 Cached Information
- Application metadata: Names, IDs, and basic configuration data (cached for up to 5 minutes)
- User preferences: UI settings, filter selections, and pagination preferences
- Ownership data: Application ownership information for permission management
- Service principal mappings: For identifying application types and configurations
- Backup snapshots: Application configuration backups created before and during testing, stored in localStorage for restore purposes
3.2 Cache Management
- Cache data is automatically purged every 5 minutes
- All cached session data is cleared when you log out
- Backup snapshots persist in localStorage until you delete them or clear browser storage
- You can manually clear cache through browser settings
- No cached data is transmitted to our servers
4. How We Use Your Information
Information accessed by AppConfig is used solely for the following purposes:
4.1 Core Functionality
- Displaying and managing your Microsoft Entra ID application registrations
- Testing authentication flows and analysing tokens
- Creating and restoring application configuration backups
- Providing user and permission management capabilities for testing
- Managing claims mapping policies, directory extensions, and application roles
Data Flow: All functionality operates directly between your browser and Microsoft services. No data passes through AppConfig servers during read or write operations.
4.2 Performance Optimisation
- Caching frequently accessed data to reduce API calls (browser-side only)
- Maintaining session state for seamless user experience (browser-side only)
- Batching API requests to improve response times
4.3 Security & Access Control
- Verifying user permissions and organisational access
- Implementing tenant allowlist security controls
- Monitoring for unauthorised access attempts
Data Flow: Access verification happens via direct Microsoft authentication. Tenant allowlist checks may query AppConfig backend for the authorised tenant list only.
4.4 Client Credentials Testing (Optional Feature)
AppConfig provides an optional Auth Flow Tester for validating OAuth flows, including the client credentials flow:
- Purpose: Allows you to test client credentials (application ID and secret) to verify they work correctly
- Data Processed: Client ID, client secret or certificate, tenant ID (transmitted to AppConfig Azure Function)
- Processing: Function makes a token request to Microsoft's token endpoint on your behalf and returns the result
- Retention: Data is processed in-memory only. Client credentials are never logged or stored permanently
- Logging: Only non-sensitive metadata is logged (client ID, timestamp, success/failure status — no secrets or tokens)
- Usage: This feature is completely optional. All other AppConfig functionality works without using this endpoint
Why a Backend Service is Required: The OAuth 2.0 client credentials flow (defined in RFC 6749 Section 4.4) requires transmitting sensitive credentials to obtain access tokens. For security reasons, these credentials must never be exposed in browser-based applications. Any tool that tests client credentials must use a backend service to securely handle these secrets. This is a fundamental requirement of the OAuth 2.0 specification, not specific to AppConfig.
AppConfig Implementation: Our /get-token Azure Function serves as this secure backend. It receives credentials over encrypted HTTPS, processes them in-memory only, and never logs or stores sensitive data.
Summary: Except for the optional client credentials testing feature, no tenant data is transmitted to or stored on AppConfig servers. The client credentials testing feature does not process or store any personally identifiable information (PII), as the client credentials flow does not involve user data.
5. Data Transmission & Security
5.1 Client-Side Architecture
- AppConfig is hosted as an Azure Static Web App — primarily static HTML, CSS, and JavaScript
- All application logic runs in your browser
- All read and write operations occur directly between your browser and Microsoft Graph API
- No customer tenant data passes through AppConfig servers during normal operations
Exception: The optional /get-token testing endpoint processes client credentials as described in Section 4.4.
5.2 Encryption
- All data transmission uses HTTPS/TLS encryption (both to Microsoft services and AppConfig endpoints)
- Authentication tokens are handled securely by MSAL.js and never logged
- Local cache data is stored in browser storage with browser-native security protections
- Client credentials sent to the
/get-tokenendpoint are encrypted in transit and never persisted
5.3 Access Controls
- Tenant allowlist system prevents unauthorised organisational access
- All permissions are delegated — AppConfig operates within the bounds of the signed-in user's own Entra ID role
- Session timeouts and automatic logout for inactive sessions
- Azure Function endpoints protected by Azure infrastructure security
5.4 API Security
- All Microsoft Graph API calls use your authenticated session (OAuth 2.0 delegated tokens)
- API requests are scoped to necessary permissions, requested at the point of use where possible
- CORS policies restrict which origins can call AppConfig endpoints
5.5 Logging & Monitoring
- Client-side: No logging of sensitive data. Browser console may show debugging information locally.
- Server-side (Azure Functions): Minimal logging for operational monitoring only:
- Request timestamps and success/failure status
- Client IDs (application identifiers — not secrets)
- Error messages (sanitised to exclude secrets)
- Never Logged: Client secrets, access tokens, refresh tokens, user passwords, or personal data
- Operational logs are retained per Azure platform defaults (typically 30–90 days). No sensitive data is ever logged.
6. Third-Party Services
AppConfig integrates with Microsoft services only:
- Microsoft Entra ID: Authentication and identity management (direct browser-to-Microsoft connection)
- Microsoft Graph API: Accessing and managing directory data (direct browser-to-Microsoft connection)
- Azure Static Web Apps: Hosting the application frontend
- Azure Functions: Hosting the optional
/get-tokentesting endpoint - Azure Application Insights: Application health monitoring (no personal data collected)
No other third-party services have access to your data or authentication information. We do not use third-party analytics, advertising, or tracking services.
7. Data Retention & Deletion
7.1 No Permanent Server Storage
- No user data or tenant data is permanently stored on AppConfig servers
- Session data is purged when sessions end
- Application configurations are accessed in real-time from your Entra ID
- Exception: Operational logs from the
/get-tokenendpoint (client ID, timestamp, status — no secrets) are retained per Azure platform defaults (typically 30–90 days). No sensitive data is ever logged.
7.2 Local Data Cleanup
- Browser session cache is automatically cleared every 5 minutes and on logout
- Backup snapshots stored in localStorage persist until you delete them via the Backup & Restore tool or clear browser storage manually
- Users can clear all browser-stored data through browser settings at any time
7.3 Backend Data Handling
- The
/get-tokenfunction processes client credentials in-memory only - No client secrets or tokens are persisted to disk or database
- Function execution logs are retained per Azure platform defaults and contain only non-sensitive metadata
7.4 User Control
- Users can revoke AppConfig's access at any time via Microsoft Entra Admin Center → Enterprise Applications → AppConfig → Permissions → Revoke consent
- Revoking consent does not undo write operations already performed — use the Backup & Restore feature to revert unintended changes
- Operational logs contain no personally identifiable information and are automatically deleted per Azure platform retention policy
8. Your Rights & Control
8.1 Access Control
- Manage access permissions through Microsoft Entra ID admin centre
- Revoke application consent at any time
- Control which users in your organisation can access AppConfig
8.2 Data Portability
- All data remains in your Microsoft Entra ID tenant
- No vendor lock-in or proprietary data formats
- Standard Microsoft Graph API access for data export
8.3 Transparency
- Request information about data processing activities
- Receive notifications of any material changes to data handling
- Contact support for privacy-related questions or concerns
9. Compliance
9.1 GDPR
- Minimal data processing principle — only what is required for the functionality you use
- No cross-border data transfers (data remains in your tenant and Microsoft's infrastructure)
- User rights to access, rectify, and erase data
- Data Protection Impact Assessment available upon request
9.2 Microsoft Trust Centre
- Builds on Microsoft's security and compliance foundation
- Inherits Microsoft Entra ID's compliance certifications
- Write operations performed by AppConfig are subject to the same audit logging as equivalent operations in the Entra Admin Centre
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in AppConfig's functionality, features, or applicable regulations. Significant changes will be communicated through in-application notifications and updates posted on this page. Continued use of AppConfig after such updates constitutes acceptance of the revised policy.
11. Contact
For privacy-related questions or concerns about AppConfig:
- Privacy: privacy@appconfig.eu
- General Support: support@appconfig.eu
- Response Time: We aim to respond within 72 hours
EU data subjects have the right to lodge a complaint with their local supervisory authority if they believe their privacy rights have been violated.