Skip to main content

Data Protection

Your Data Never Leaves Your Tenant

The most important thing to know about data protection in Sensei IQ is this: your data never leaves your Microsoft 365 tenant.

Sensei IQ is deployed as a Power Platform solution inside your own Dataverse environment. All project data, resource data, portfolio records, and user information is stored in Dataverse tables that belong to your organization — in your tenant, in your chosen region, under your governance.

Sensei Project Solutions does not operate a database that stores your data. We do not receive copies of your data during normal operation. We are not a data processor in the traditional sense.

Encryption at Rest

All data stored within Sensei IQ is encrypted at rest by Microsoft Dataverse using AES 256-bit encryption. This encryption is applied automatically to all Dataverse tables, files, and attachments.

Key management for encryption at rest is handled by Microsoft. Your organization can optionally configure customer-managed keys (CMK) through the Power Platform Admin Center if your compliance requirements demand greater control over encryption keys. This is a tenant-level setting your administrators control — it is not specific to Sensei IQ.

There is nothing additional Sensei needs to configure for at-rest encryption. The protection is built into the platform.

Encryption in Transit

All data moving between users and Sensei IQ — and between Sensei IQ's components — is encrypted in transit using TLS 1.2 or higher.

This encryption is enforced by Microsoft Power Platform and cannot be disabled. It applies to:

  • Browser sessions accessing the Power App
  • API calls between Power Apps, Power Automate, and Dataverse
  • Integrations with Microsoft Graph, Teams, and SharePoint
  • External system connectors (Jira, Planner, Wrike, and others)

No cleartext data transmission occurs between any components of Sensei IQ.

Data Residency & Sovereignty

Your data resides in the geographic region you selected when creating your Power Platform environment. Microsoft does not move data across regions without your consent.

This means:

  • If your environment is provisioned in Canada, your Dataverse data stays in Canada
  • If your environment is in the EU, your data remains within EU data centers
  • Sensei IQ does not alter or override your environment's region settings

Your organization is the data controller for all data within Sensei IQ. Sensei Project Solutions is not a data controller or subprocessor for your project data. The data lifecycle — including creation, modification, retention, and deletion — is governed by your organization's policies and your Microsoft tenant settings.

Sensei Access to Your Production Data

Under normal operating conditions, Sensei staff have no access to your Dataverse data. There is no back-door connection to client environments, no replication of client data to Sensei systems, and no telemetry pipeline that transmits business data to Sensei.

When clients request support or implementation assistance, a Sensei consultant may be granted temporary access to a client environment by the client's own administrators. This access:

  • Requires explicit authorization from the client's tenant administrators
  • Is granted through standard Dataverse user assignment within the client's own identity platform
  • Is audited through Microsoft Purview and Power Platform audit logs, which the client controls
  • Can be revoked at any time by the client

Sensei does not retain any form of persistent, standing access to client environments.

Application Telemetry

Sensei IQ uses Azure Application Insights for application-level telemetry — performance monitoring, error detection, and usage analytics. This telemetry is:

  • Limited to application performance data (page load times, errors, event counts)
  • Designed to be free of personally identifiable information (PII) and business data
  • Used by Sensei for product improvement and issue resolution

No project records, resource data, financial information, or user-identifiable business content is included in telemetry.

Data Minimization

Sensei IQ is designed to use only the data it needs for its defined functions — project and portfolio management. It does not collect data beyond what is required to deliver its capabilities. Sensei does not profile users, aggregate data across client tenants, or build derived datasets from client information.