Your tenant data never leaves the browser.
M365 Tenant Reporter is designed with a zero-trust privacy model. No data is sent to any server, no analytics are collected, and no session information persists after the browser tab is closed.
Browser-only collection
All Microsoft Graph API calls are made directly from your browser using delegated access tokens. There is no proxy, middleware, or server-side component involved in data collection.
Session-only storage
Report data exists only in browser memory for the duration of your session. Closing the tab, refreshing the page, or signing out removes all collected data immediately.
Local exports only
CSV, JSON, Excel, and HTML files are generated entirely in the browser and downloaded directly to your device. No export data is transmitted to any server.
No server-side database
There is no database, no analytics pipeline, and no telemetry collection. The application is a static site deployed to GitHub Pages with no backend infrastructure.
Read-only permissions
The application requests only read-focused delegated Microsoft Graph scopes. It cannot modify users, groups, licenses, or any other tenant configuration.
Open source
The full source code is publicly available. You can audit the codebase to verify that no data is transmitted, stored, or processed outside of your browser.
Data flow summary
Browser → Microsoft Graph API (with delegated token) → Browser memory → Local file download. At no point in this flow does data pass through a third-party server or persistent storage layer.