Trust & Compliance

Privacy First: Your Confidence, Our Commitment

We understand the critical importance of privacy and data security in today's digital landscape.

We're all about keeping your data safe and sound. We're dedicated to maintaining top-notch data protection standards.

Backed by our ISO27001 certification, we strive to provide you with the utmost confidence in our commitment to protecting your sensitive information.

Legal Documents

FAQ

Data Flow Diagrams

Cloud Security

The most important information at a glance

How is the data processed (Data Flow)?

For a comprehensive understanding of the flow and destination of data, please refer to our two data flow diagrams:

For DocumentsCorePack: DCP Data Flow Diagram
For AttachmentExtractor: AE Data Flow Diagram

Which data is processed?

Customers have full control over this aspect whether through DocumentsCorePack's Template Designer or by adjusting settings in AttachmentExtractor. They have the ability to define the data to be processed, potentially including personal information.

Where is the data processed?

This choice is also left to the customer. During service configuration, you choose the data center (location) where the service will operate.
By default, the data center with the optimal bandwidth connection to the customer's Dynamics 365 instance is preselected.

Full list of possible locations

How is the communication secured?

The cloud service communicates securely with Dynamics 365 web services using methods provided by the Dynamics 365 SDK (TLS 1.2, OAuth authentication).

Is there any customer data being stored on your systems (data at rest)?

DocumentsCorePack (DCP):
No. During standard document generation, customer data (e.g. information from Dynamics 365 used to generate documents) is only held in memory and not stored in any environment of mscrm-addons.com

Exceptions:
1. Customer-enabled debugging
2. Large document package requests
3. Customer-activated file storage in an Azure Blob managed by mscrm-addons.com

In these cases, data is securely isolated per service and automatically deleted after 7 days.
By default, documents are stored as annotations in the customer’s Dynamics 365 system or, if enabled, in their own Azure Blob — mscrm-addons.com does not store any data in those cases.

AttachmentExtractor (AE):
No data is ever stored unless debugging is enabled. In that case, the same 7-day deletion policy applies.

Usage Statistics:
We collect usage statistics (e.g. number of generated documents). These contain no document content or personal data and are used for internal analytics and to provide service insights (e.g. template usage) via the customer's service account.

Are there any third-party involvements?

Yes, the service runs on one of our servers hosted in the Microsoft Azure Datacenter.

Third-party compliance: Azure Compliance Overview

Have you conducted an external penetration test?

Yes, a comprehensive gray-box penetration test was performed on the website, service configuration, and Azure infrastructure of https://mscrm-addons.com, in compliance with OWASP Top 10 standards.

The most recent certification can be found here.

See how it works
Here is our complete FAQ sheet for download.