velnoro
Sign Up

Security and Trust

Understand how Velnoro protects your data, what access it requires, and how you can audit that access.

Velnoro is designed for organizations that need to trust a third-party platform with access to their Microsoft tenant. This guide explains how Velnoro protects your data, what access it requires, and how you can audit and control that access.

For the full technical security architecture, see the in-app Trust Center.

Key Principles

Read-Only Access

Velnoro never writes to, modifies, or deletes anything in your Microsoft tenant. All API access is strictly read-only. The permissions Velnoro requests only grant the ability to read metadata.

Metadata Only

Velnoro collects asset metadata only: names, types, owners, environments, creation dates, and status information. Velnoro never accesses or stores:

  • Flow definitions or logic
  • App source code
  • Business data processed by flows or apps
  • Chat or conversation content
  • Connector configurations or credentials used by your flows
  • Dataverse table contents

Customer-Controlled Access

You control access through your own Entra ID app registration. You can revoke Velnoro's access at any time by:

  • Deleting the app registration in Azure portal
  • Revoking the client secret
  • Removing admin consent for API permissions

Revoking access takes effect immediately.

Guides

  • Data Protection - Encryption at rest, tamper detection, tenant isolation, and infrastructure
  • Auditing Access - Audit Velnoro's access in Azure, revoke access, and understand data retention
  • Security FAQ - Common security questions and troubleshooting