Privacy Notice
How Vespasian handles customer data
Vespasian processes only the data needed to deliver Microsoft Entra assessment, migration guidance, and compliance evidence workflows.
Data categories we process
- Tenant connection metadata and encrypted credentials required for authorized API access.
- Application identity metadata required for posture assessment and migration recommendations.
- Workspace settings, approval decisions, and activity logs for operational integrity and rollback evidence.
Data we do not intentionally process
- Customer endpoint files, local disks, or non-Entra internal document repositories.
- Direct workstation telemetry unrelated to Entra assessment workflows.
Retention and deletion
- Operational records are retained to support auditability, incident response, and rollback.
- Customers can request tenant disconnect and data deletion workflows through support.
Customer rights and requests
For privacy requests, security questionnaires, or contract support, contact support@vespasian.dev.