Your data, isolated by design.

How we keep your Microsoft 365 data safe and what you can ask us about it.

Tenant isolation

Every customer gets a dedicated Microsoft Fabric workspace and Lakehouse for reporting data. The service is designed around tenant-isolated workspaces instead of shared customer rows in one analytical store.

EU data residency

Customer reporting data is configured for EU Microsoft cloud regions through Microsoft Azure and Microsoft Fabric. Limited business, support, booking or operational metadata may be processed by subprocessors as described in the Privacy & Cookie Policy.

Encryption

Data in transit is protected with TLS. Data at rest is encrypted by Microsoft Azure and Fabric platform encryption using Microsoft-managed keys unless another arrangement is agreed in writing.

Microsoft Graph access

NowCloud uses customer admin consent to read authorised Microsoft 365 data through Microsoft Graph. The reporting app is designed for read-only permissions and does not change Microsoft 365 tenant configuration on your behalf.

The exact signals available in a report depend on your subscribed scope, Microsoft licences, enabled workloads, tenant configuration, Graph API availability and the permissions granted by your administrator.

Subprocessors and service dependencies

Core product processing uses Microsoft Azure, Microsoft Fabric, Power BI Embedded, Microsoft Entra and Microsoft Graph. Demo or sales interactions may use email and, when enabled, Cal.com for scheduling. Demo booking services do not receive Microsoft 365 reporting data.

Data Processing Agreement

A DPA is available on request for customers and prospects evaluating NowCloud Reports. Email info@nowcloud.nl and we will send the latest version.

Incident response

In the event of a confirmed personal data breach affecting customer data, NowCloud notifies affected customers without undue delay and, where contractually applicable, within 72 hours after confirmation. Notifications include the known impact, affected data categories and remediation status.

Responsible disclosure

Security researchers and customers can report suspected vulnerabilities to info@nowcloud.nl. Please include the affected URL, reproduction steps and potential impact.

Questions?

For anything not covered here, including security questionnaires, audit support, and subprocessor changes, reach out at info@nowcloud.nl.