Security
Built for governed Microsoft data environments.
Nova is designed to work with approved Power BI semantic models and existing Microsoft identity and permissions — not to create a second uncontrolled reporting layer.
Architecture & data flow
A simplified view of how Nova is designed to operate within your Microsoft stack.
- 1
User in Microsoft Teams
Personal chat or @Nova in a channel.
- 2
Microsoft Entra identity
Work-account SSO — permissions checked before any answer.
- 3
Approved Power BI semantic model
Governed measures and dimensions — no shadow data layer.
- 4
Optional document upload (Azure Blob)
OptionalBoard packs and document intelligence only — skipped for semantic Q&A.
- 5
Governed answer in Teams
KPIs, tables, narrative, and follow-ups — within the user's access.
Microsoft Entra SSO — no separate Nova passwords
Power BI delegated access within each user's permissions
Channel audience policy — fail-closed in shared Teams conversations
Tenant isolation by Microsoft Entra organisation
No bulk model download — queries run against approved semantic models
Uploaded files stored in Azure Blob with configurable retention
Audit trail for usage, billing, and document processing events
Admin controls — disable users, directory sync, workspace allowlists
Support tickets with tenant-scoped visibility
Azure-hosted architecture — OpenAI, Document Intelligence, AI Search
Enterprise security Q&A
Answers for IT, BI, and compliance stakeholders — including document upload, retention, and channel audience policy. See also our Data Retention Policy.
Is customer data used to train public AI models?
No. Nova processes your prompts, query results, and uploaded documents to provide the service. Customer content is not used to train public foundation models. Processing uses Azure OpenAI and other Microsoft Azure services under your deployment configuration.
Where are uploaded files stored?
Board packs and documents uploaded in Teams are stored in Azure Blob Storage (when enabled) with metadata in Azure SQL. Extracted text may be indexed in Azure AI Search for document search. See our Data Retention Policy for default retention periods.
How long is uploaded content retained?
By default, raw uploaded files and searchable document content are retained for 30 days. High-level report memory may be retained for up to 365 days for comparison features. Audit logs are retained for up to seven years. Details are in /data-retention.
How is usage audited?
Nova records usage and billing events in Azure SQL — including query operations, document processing, and credit consumption — visible to admins in the portal.
How are tenants separated?
Each Microsoft Entra organisation (tenant) has an isolated Nova workspace, credit ledger, and configuration. Cross-tenant access is blocked by authentication and portal authorization.
Who can enable Nova for users?
The first user to activate a tenant becomes owner. Owners and admins can manage users, disable access, sync directory users, and purchase credits from the admin portal.
Can Nova access all our data?
No. Nova queries approved Power BI semantic models within the signed-in user's permissions, and applies channel audience checks in shared Teams conversations. Uploaded files are limited to what users explicitly provide in Teams.
How does channel audience policy work?
In channels and group chats, Nova verifies that every visible member has appropriate Power BI access before posting analytical answers. If verification fails, Nova uses private replies or safe fallback cards instead of posting sensitive results to the thread.
Designed for enterprise controls
Nova is designed to respect the governance you have already built into Power BI semantic models. Rather than exporting data to uncontrolled spreadsheets or connecting to arbitrary data sources, Nova queries approved models within the permissions of the signed-in user.
This security-first architecture is designed for organisations where finance, operations, and leadership teams need fast answers — but where data access must remain governed, traceable, and aligned with existing reporting workflows.
Nova is built on Azure-hosted architecture and designed to integrate with Microsoft identity. Specific security certifications and compliance documentation will be provided as part of enterprise deployment discussions — we do not claim final compliance certifications on this marketing site.
Try Nova on your semantic model this week
Activate with $69 free usage credit — no card required. Same feature set on every plan: semantic Q&A, board packs, document intelligence, channel safeguards, and portal governance.
$69 free usage credit on activation · Microsoft sign-in · No card required · Or book a demo