This Privacy Notice describes how Knovari Limited ("Knovari", "we", "us", or "our") collects, uses, shares, and stores personal data when an organization or its authorized users use Knovari Sanitizer, our add-in for Microsoft 365 (the "Service"). It covers the application itself; for information about cookies and analytics on our marketing website, please see our Website Privacy Policy.
We have written this notice in plain English. Where a section uses a defined term that has a specific meaning under data protection law (for example "controller", "processor", "personal data"), we use it in the sense given by the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("EU GDPR").
1. Who we are
The Service is provided by Knovari Limited, a company registered in England and Wales (company number 16531329), with its registered office at 124 City Road, London, EC1V 2NX, United Kingdom.
For most personal data described in this notice, the customer organization that subscribes to the Service is the data controller and Knovari acts as a processor under a written agreement (typically the Data Processing Addendum incorporated into the customer's order). For a small set of operational data described below, Knovari acts as controller.
You can contact us about this notice or about your privacy rights at privacy@knovari.io.
2. Personal data we collect
We collect the following categories of personal data when an organization deploys the Service and its users sign in:
2.1 Identity and account data
When a user signs in via Microsoft single sign-on, Microsoft Entra ID returns the following claims to the Service:
- Microsoft Entra tenant identifier
- Microsoft Entra user object identifier
- Email address
- Display name
- Role within the customer organization (member or administrator)
2.2 Organization data
We hold a record for each customer organization, including organization name, organization identifier, subscription plan, active status, and timestamps (for example, when the organization was created or last billed).
2.3 User-supplied document content
The core function of the Service is to analyse PowerPoint files that a user opens in the add-in. To do this, we process the content the user submits for analysis, which can include:
- Slide text, table contents, shape labels, and speaker notes
- Embedded images contained in the slides
Document content may incidentally include personal data about identifiable individuals named in the slides (for example, client names or staff names). Customers are contractually responsible for ensuring they have an appropriate basis to upload such material and for not submitting special-category personal data (for example, health or biometric data) without putting appropriate safeguards in place first.
2.4 Tenant configuration
Administrators in each customer organization can configure how the Service behaves. Configuration data includes customer-defined sanitisation rules, placeholder strings used in the sanitised output, optional logo image uploads, and feature entitlements.
2.5 Transient processing data
When a user runs an analysis job, the document content described in section 2.3 is sent to a third-party large-language-model subprocessor for sensitivity classification. Analysis results are retained server-side only for the duration of the job and an associated retention window, after which they are removed (see section 8).
2.6 Operational telemetry
We record application error logs (which contain a tenant identifier only — no end-user identifiers and no document content) and server-side request and job logs with timestamps. Authentication tokens are cached in-memory in the client and are not persisted to disk.
2.7 Storage location
All persistent customer data is held in Microsoft Azure within a single supported region. No customer data is stored outside that region except for transient transmission to the large-language-model subprocessor for analysis (see section 6).
3. How we use personal data and our lawful bases
We only use personal data for the purposes described in this notice and the agreement between Knovari and the customer organization. Our lawful bases under the UK GDPR and EU GDPR are:
- Performance of a contract: to deliver the Service to the customer organization, including authenticating users, applying tenant configuration, classifying document content, and producing the sanitised output the user requested.
- Legitimate interests: to operate, secure, monitor, and improve the Service — for example, generating error and request logs, applying rate limits, and investigating suspected abuse. Where we rely on legitimate interests, we balance them against the rights and interests of the people whose data we process.
- Legal obligation: to keep records and respond to lawful requests as required by applicable law (for example, security and compliance records, tax records, and responses to valid requests from competent authorities).
We do not use document content or other customer personal data to send marketing communications. Marketing on the Knovari website is governed by the Website Privacy Policy.
4. Automated decision-making and AI
The Service uses AI to classify the content of documents, not to make decisions about individuals. The output of the analysis is a classification of slide content (for example, "client identifier", "financial figure"). It does not produce a legal effect or other similarly significant effect on any data subject. A human user always reviews and applies (or rejects) the suggested sanitisation in the add-in before sharing the output.
Our agreement with the third-party large-language-model subprocessor prohibits the use of customer data to train models.
5. How we share personal data
We only share personal data with parties that need it to deliver, secure, or support the Service. Categories of recipients are:
- Cloud hosting provider: Microsoft Azure hosts the application and its databases.
- Identity provider: Microsoft Entra ID authenticates users on behalf of their employer.
- Large-language-model provider: a third-party AI subprocessor that performs the sensitivity classification on document content under contractual terms that prohibit using customer data to train its models.
- Error and performance monitoring: a third-party error-monitoring provider that receives application error events, with content and end-user identifiers redacted before transmission.
- Professional advisers: for example, legal, accounting, and audit advisers under appropriate confidentiality obligations.
- Authorities: where required by law, court order, or to establish or defend legal claims.
- Successor entities: in the event of a corporate transaction (such as a merger, acquisition, or sale of assets), subject to confidentiality and to honouring the commitments made in this notice.
We do not sell personal data, and we do not share personal data for cross-context behavioural advertising. A current list of named subprocessors is available to enterprise customers on request to privacy@knovari.io.
6. International transfers
Persistent customer data is stored in a Microsoft Azure region aligned with the customer's deployment. When a user runs an analysis job, document content is transmitted to the large-language-model subprocessor for processing, which may take place outside the user's region.
Where a transfer involves personal data leaving the United Kingdom or the European Economic Area, we put appropriate safeguards in place — typically the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an equivalent mechanism recognised under the UK GDPR and EU GDPR. We also assess any supplementary measures needed in light of the destination country's laws.
7. Where data is stored and AI training
All persistent customer data is stored in Microsoft Azure within a single supported region per customer deployment. We do not use customer data — including document content, account data, or telemetry — to train AI models, and our agreements with the AI subprocessor that classifies document content carry the same restriction.
8. How long we keep data
- Identity and account data, organization data, tenant configuration: retained for the life of the contract with the customer organization plus a tail period of 90 days before deletion.
- Document content and analysis results: processed transiently to deliver the analysis job and removed after job completion plus a short retention window of 30 days.
- Operational telemetry (error logs, request logs): retained for 12 months.
- Records we are legally required to keep (for example, contract and tax records) are retained for the period the relevant law requires.
When a customer's contract ends, we delete or return customer data in accordance with the agreement and the timelines above. Backups and disaster-recovery copies follow their own deletion cycle and are not used to extend retention.
9. Your rights
Depending on where you live and the role we play in respect of your data, you have the following rights under the UK GDPR, EU GDPR, and (where applicable) the California Consumer Privacy Act as amended ("CCPA/CPRA"):
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct data that is inaccurate or incomplete.
- Erasure: ask us to delete personal data, subject to exceptions in the law.
- Restriction: ask us to limit how we process your data while a query is resolved.
- Portability: ask us to provide your data in a structured, commonly used, machine-readable format.
- Objection: object to processing based on our legitimate interests.
- Complaint: lodge a complaint with a supervisory authority (see section 13).
Where Knovari acts as a processor on behalf of a customer organization (for example, in respect of document content the customer's user submitted), we will refer your request to the customer organization, who is the controller of that data, and assist them in fulfilling their obligations.
The Service does not currently offer a public self-service deletion or data-export user interface. Requests are operator-assisted: please email privacy@knovari.io with enough information for us to verify your identity and locate your data, and we will respond within the timeframes required by applicable law (one month under UK GDPR / EU GDPR, 45 days under CCPA/CPRA, with limited extensions where permitted).
10. Children's data
The Service is sold to businesses for use by their adult employees and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at privacy@knovari.io and we will take steps to delete it.
11. Security
We take a layered approach to keeping data safe:
- Encryption in transit: connections between the add-in, our service, and our subprocessors use industry-standard TLS.
- Encryption at rest: persistent customer data is encrypted at rest in Microsoft Azure.
- Tenant isolation: tenancy is enforced through Microsoft Entra ID at the application layer and database row-level controls in our managed cloud database.
- Role-based access for staff: Knovari personnel only access customer data on a need-to-know basis, under role-based access controls and strong authentication.
- Audit logging: administrative and security-relevant actions are logged and reviewed.
- Vendor management: subprocessors are bound by written agreements that include confidentiality, security, and data-protection obligations.
No system is perfectly secure. If we become aware of a personal data breach affecting your information, we will notify the affected customer organization without undue delay and, where required by law, within 72 hours of becoming aware.
12. Changes to this notice
We may update this notice from time to time to reflect changes in the Service, in our practices, or in the law. When we make a material change, we will update the "Last updated" date at the top of this page and, where appropriate, notify customer organizations through the Service or by email at least 30 days before the change takes effect. Minor clarifications and editorial fixes will be published without prior notice.
13. Contact and complaints
For privacy questions, to exercise your rights, or to raise a complaint:
If you live in the United Kingdom and believe we have not handled your personal data properly, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. If you live in the European Economic Area, you can contact your local data protection supervisory authority.