SECURITY & COMPLIANCE

Built for M365 admins who pay attention to the details.

Maintained by Vatis Documente & Fișiere to answer common questions about security and data handling. This is not an independent certification.

Authentication & access

Sign-in via Entra ID (Microsoft 365). Roles map onto existing Entra groups; no password sync.

Data handling

Vatis processes metadata about sites, libraries, and policies. Document content stays inside your M365 tenant.

Microsoft Graph permissions

Sites.Read.All, Sites.Manage.All, Files.Read.All, and Group.Read.All — explicitly admin-consented. The full list is visible in the admin console.

Hosting & residency

Hosted in the EU on Lovable Cloud. Configuration data and logs remain in the EU.

Audit & provenance

Every provisioning action is logged in the UDIS registry: requester, template, ADO work item, and timestamp.

Subprocessors

Microsoft Azure (EU) and Lovable Cloud. An up-to-date list is available on request via the contact form.

Vulnerability reporting

Report security issues to security@vatis.ro. Initial response within 48 business hours.