What we keep, what we don’t, and where it lives.
ScanPosture does not store copies of your Microsoft directory. It stores the results of scanning it — findings, scores and posture history. Everything below is sourced from the production stack.
We store the results of scanning your Microsoft environment — not a copy of it.
Findings, scores and posture history live in ScanPosture. Directory objects, user records, configuration items and any content (mailboxes, files, chats) stay in Microsoft. We never copy them across.
Six categories. That’s it.
Every record below is needed to run scans, produce evidence and detect drift over time. Nothing more is collected on your behalf.
Tenant record
Your organisation’s ScanPosture account record, including your Microsoft tenant ID and an encrypted OAuth refresh token so we can re-scan on a schedule without re-authenticating each time.
Scan results
For each check we record which check ran, the state it returned (pass / fail / warning / skipped), severity and priority weighting, the timestamp of the scan and the derived control score. We do not retain the raw Microsoft API responses that produced these results.
Posture history
Snapshots of your control scores and domain posture over time. This powers trend charts, drift detection and historical evidence — data that ScanPosture holds because your Microsoft portals do not retain it.
ScanPosture user accounts
Login credentials for the people in your organisation who access the ScanPosture dashboard. These are separate from your Microsoft identities and are scoped to your tenant by row-level security.
Reporting artefacts
Metadata for generated reports, scheduled email preferences, notification settings and summary outputs.
Audit log entries
Administrative actions, tenant-context events and reads of sensitive resources are appended to a hash-chained audit log. A daily integrity job re-verifies the chain so tampering cannot go undetected.
The four lines we will never cross.
If a procurement reviewer or your customers ever ask whether ScanPosture has access to email, files or passwords — these are the answers.
Raw Microsoft API responses
WhyFetched at scan time, parsed to run checks, then discarded. Only the assessed result is persisted.
Copies of your user directory
WhyWe record check outcomes, not directory objects. Your directory stays in Microsoft.
Your Microsoft passwords or admin credentials
WhyWe use OAuth — no passwords are ever passed to or stored by ScanPosture.
Copies of your emails, files or documents
WhyScanPosture assesses configuration posture, not content. We never read mailboxes, documents or chats.
Your OAuth refresh token
The credential that lets ScanPosture re-scan your environment on a scheduled basis. It is the only piece of sensitive material in our database — and it is treated accordingly.
- Encrypted at rest before being written to the database — only the scanning service can decrypt it.
- Stored in isolated, tenant-scoped storage — every row is filtered by row-level security at the database layer.
- Used only to initiate scheduled scans — never to read, modify or write anything else in your tenant.
- Revocable at any time from your Microsoft Azure portal by removing the ScanPosture app registration; the next scan attempt will fail and you will be notified to reconnect.
UK-hosted, tenant-isolated.
Every record described above is stored in our Supabase region in London (eu-west-2) and isolated to your tenant by row-level security at the database layer.
Supabase London (eu-west-2)
All customer data is stored in our UK region. Application traffic and email delivery route through UK / EU infrastructure end-to-end. There is no US round-trip and no replica outside the United Kingdom.
Row-level security at the DB layer
Every piece of data ScanPosture holds is scoped to your tenant using Postgres row-level security enforced at the database. No other ScanPosture customer can query or read your data, even if a query is malformed at the application level.
When ScanPosture scans your Microsoft environment, it’s like a health check that writes down the results — not one that keeps a copy of your medical records. The check data and the trend history live in ScanPosture. The actual directory objects, user records and configuration items stay in Microsoft.
Questions about anything on this page? hello@scanposture.com