Security

Our Security Commitment

Permission Hunter is committed to providing secure handling of your Microsoft 365 data. We implement industry-standard security measures across our platform.

Data Protection

Authentication & Access Control

Microsoft OAuth 2.0

We use industry-standard Microsoft OAuth 2.0 for authentication. Your credentials are never stored on our servers—we only receive access tokens from Microsoft.

Role-Based Access Control (RBAC)

• Granular permission controls for user roles
• Admin, viewer, and custom role definitions
• Principle of least privilege enforced
• Session timeout and automatic logout

Infrastructure Security

• Hosting on trusted cloud infrastructure (Microsoft Azure)
• Network segmentation and firewalls
• Regular vulnerability scanning
• DDoS protection and rate limiting
• Infrastructure monitoring

Application Security

Data Privacy

• Your SharePoint data is processed only as necessary for the service
• Data is stored in your Microsoft 365 environment or our secure servers
• We do NOT sell any data to third parties
• You retain full control over your data
• Data export and deletion capabilities available

Incident Response

We maintain incident response procedures:

• Documented incident response procedures
• Defined escalation and communication protocols
• Post-incident reviews and remediation

Compliance & Certifications

We're committed to achieving industry-standard certifications. Our current practices are aligned with:

• OWASP Security Guidelines
• NIST Cybersecurity Framework principles
• GDPR data protection requirements

We're planning to pursue SOC 2 certification in 2026.

Reporting Security Issues

If you discover a security vulnerability, please contact our security team at: info@permissionhunter.com

Updates to Security Practices

We continuously review and update our security practices. This page will be updated to reflect any significant changes.