Privacy Policy

This Privacy Policy explains how Entra Documentation ("we", "our", or "the Service") handles information when you use the app to generate documentation from Microsoft Entra ID. The Service is designed to minimize data collection and to process your tenant data entirely in your browser.

• Authentication via Microsoft OAuth 2.0 (Microsoft Entra ID) using the official Microsoft Authentication Library (MSAL).
• Read-only Microsoft Graph permissions, grouped across six categories (Identity & Directory, Security & Access Control, Privileged Identity Management, Identity Governance, Applications, External Identities). The complete list is available on the Get Started page.
• Entra ID configuration metadata required to render your documentation (users, groups, Conditional Access policies, directory roles, applications, identity governance settings, and related details), fetched read-only at the time of export.

• Your tenant configuration is fetched directly from Microsoft Graph into your browser. The PDF report is rendered locally with jsPDF and streamed to your downloads folder.
• We do not persist your Entra ID configuration data or generated PDFs on our servers.
• For very large exports that exceed platform payload limits, the Service may temporarily stage a JSON copy of your selected configuration in short-lived storage (Vercel Blob) only as needed to assemble the PDF. The file is transmitted over TLS, exists for minutes, and is deleted immediately after generation.
• Access tokens live in your browser's session storage and are used to call Microsoft Graph. We do not persist tokens server-side.

We use Plausible Analytics — a privacy-friendly, cookieless analytics service that does not use personal identifiers or browser fingerprinting. We collect only aggregated, anonymous metrics such as page views, referrers, and device categories to improve stability and usability.

We do not sell or share your configuration data with third parties. Data accessed from Microsoft Graph is used solely to generate your documentation in your browser.

• Authentication is handled by Microsoft OAuth 2.0 via MSAL.
• Only read-only Microsoft Graph permissions are requested.
• Processing is browser-only. The Service has no backend that receives tenant data.

We do not retain your Entra ID configuration data or generated documents. Short-lived blob staging (when used for large exports) is deleted immediately after generation. Standard operational logs may exist temporarily within hosting provider systems.

• You can disconnect at any time by signing out of the app.
• You can revoke the app's permissions from your Microsoft account/tenant at any time to prevent future access.

The Service is intended for professional and enterprise use and is not directed to children.

We may update this policy to reflect improvements or operational changes. If we make material changes, we will update the "last updated" date at the top of this page.

Questions about this policy? Contact us via LinkedIn: @ugurkocde.