Nova logoNova

Security

Built for governed Microsoft data environments.

Nova is designed to work with approved Power BI semantic models and existing Microsoft identity and permissions — not to create a second uncontrolled reporting layer.

Architecture & data flow

A simplified view of how Nova is designed to operate within your Microsoft stack.

  1. 1

    User in Microsoft Teams

    Personal chat or @Nova in a channel.

  2. 2

    Microsoft Entra identity

    Work-account SSO — permissions checked before any answer.

  3. 3

    Approved Power BI semantic model

    Governed measures and dimensions — no shadow data layer.

  4. 4

    Optional document upload (Azure Blob)

    Optional

    Board packs and document intelligence only — skipped for semantic Q&A.

  5. 5

    Governed answer in Teams

    KPIs, tables, narrative, and follow-ups — within the user's access.

Microsoft Entra SSO — no separate Nova passwords

Power BI delegated access within each user's permissions

Channel audience policy — fail-closed in shared Teams conversations

Tenant isolation by Microsoft Entra organisation

No bulk model download — queries run against approved semantic models

Uploaded files stored in Azure Blob with configurable retention

Audit trail for usage, billing, and document processing events

Admin controls — disable users, directory sync, workspace allowlists

Support tickets with tenant-scoped visibility

Azure-hosted architecture — OpenAI, Document Intelligence, AI Search

Enterprise security Q&A

Answers for IT, BI, and compliance stakeholders — including document upload, retention, and channel audience policy. See also our Data Retention Policy.

Is customer data used to train public AI models?

No. Nova processes your prompts, query results, and uploaded documents to provide the service. Customer content is not used to train public foundation models. Processing uses Azure OpenAI and other Microsoft Azure services under your deployment configuration.

Where are uploaded files stored?

Board packs and documents uploaded in Teams are stored in Azure Blob Storage (when enabled) with metadata in Azure SQL. Extracted text may be indexed in Azure AI Search for document search. See our Data Retention Policy for default retention periods.

How long is uploaded content retained?

By default, raw uploaded files and searchable document content are retained for 30 days. High-level report memory may be retained for up to 365 days for comparison features. Audit logs are retained for up to seven years. Details are in /data-retention.

How is usage audited?

Nova records usage and billing events in Azure SQL — including query operations, document processing, and credit consumption — visible to admins in the portal.

How are tenants separated?

Each Microsoft Entra organisation (tenant) has an isolated Nova workspace, credit ledger, and configuration. Cross-tenant access is blocked by authentication and portal authorization.

Who can enable Nova for users?

The first user to activate a tenant becomes owner. Owners and admins can manage users, disable access, sync directory users, and purchase credits from the admin portal.

Can Nova access all our data?

No. Nova queries approved Power BI semantic models within the signed-in user's permissions, and applies channel audience checks in shared Teams conversations. Uploaded files are limited to what users explicitly provide in Teams.

How does channel audience policy work?

In channels and group chats, Nova verifies that every visible member has appropriate Power BI access before posting analytical answers. If verification fails, Nova uses private replies or safe fallback cards instead of posting sensitive results to the thread.

Designed for enterprise controls

Nova is designed to respect the governance you have already built into Power BI semantic models. Rather than exporting data to uncontrolled spreadsheets or connecting to arbitrary data sources, Nova queries approved models within the permissions of the signed-in user.

This security-first architecture is designed for organisations where finance, operations, and leadership teams need fast answers — but where data access must remain governed, traceable, and aligned with existing reporting workflows.

Nova is built on Azure-hosted architecture and designed to integrate with Microsoft identity. Specific security certifications and compliance documentation will be provided as part of enterprise deployment discussions — we do not claim final compliance certifications on this marketing site.

Try Nova on your semantic model this week

Activate with $69 free usage credit — no card required. Same feature set on every plan: semantic Q&A, board packs, document intelligence, channel safeguards, and portal governance.

$69 free usage creditNo card requiredUsage-based · not seat-based

$69 free usage credit on activation · Microsoft sign-in · No card required · Or book a demo

$69 credit · start free

No card · usage-based