Enterprise-Ready Security

Enterprise-Grade Security

SummitView is designed from the ground up for enterprise security requirements. We collect metadata only — never your business data.

Designed for approval by IT, Security, and Data Platform teams.

Designed to Pass Security Review

No inbound connections

Outbound HTTPS only

Read-only Power BI APIs

Cannot modify anything

Metadata only

Never report data

BYOK AI

Off by default

What We Collect

Transparency is core to our security model. Here's exactly what SummitView accesses.

What SummitView Collects

Metadata only — operational metrics for monitoring

  • Workspace names and IDs
  • Dataset names, refresh times, and durations
  • Report names and view counts
  • Gateway names, types, and connection types
  • Capacity utilization percentages (CPU, memory)
  • User activity events (who viewed what report, when)
  • Row counts per table (for anomaly detection)
  • Asset governance metadata (criticality, lifecycle, owners)

What SummitView NEVER Collects

We never access your actual business information

  • Actual report data, visualizations, or business information
  • Database contents, query results, or row-level data
  • User passwords, tokens, or stored credentials
  • DAX queries, M-code, or SQL statements
  • File contents, attachments, or embedded images
  • Personal data beyond name/email from Azure AD profile

How the Agent Works

Our lightweight Windows agent uses read-only access and outbound-only connections.

[Diagram: Your Environment · SummitView Agent (Windows Service) · OAuth tokens · Power BI APIs (read-only access) · SummitView Cloud · summitview.app · Vercel (SOC 2) · Supabase PostgreSQL (AES-256 encrypted)]

Read-Only Access

SummitView cannot modify anything in Power BI — only read metadata

Outbound HTTPS Only

No inbound firewall rules required — all connections are outbound

OAuth Tokens

No credentials stored on disk — uses secure OAuth token refresh

Metadata Only

We never see your actual data — only operational metrics

Network Requirements

Minimal network configuration required. No inbound ports needed.

| Direction | Protocol | Destination | Port | Purpose |
|-----------|----------|-------------|------|---------|
| Outbound | HTTPS | summitview.app | 443 | Send metrics to SummitView cloud |
| Outbound | HTTPS | *.analysis.windows.net | 443 | Power BI REST API calls |
| Outbound | HTTPS | login.microsoftonline.com | 443 | Azure AD authentication |
| Outbound | HTTPS | graph.microsoft.com | 443 | Microsoft Graph API (optional) |
| Inbound | None | N/A | N/A | No inbound connections required |
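
A security reviewer can hold observed agent traffic against the table above instead of taking it on trust. The sketch below is an added example, not SummitView code: it assumes firewall or proxy logs have already been normalized to (direction, host, port, scheme) tuples, and the sample rows are constructed.

```python
# Added example: audit observed agent traffic against the documented egress table.
# Record format and SAMPLE rows are constructed; adapt the parsing to your own logs.
DOCUMENTED = ["summitview.app", "*.analysis.windows.net",
              "login.microsoftonline.com", "graph.microsoft.com"]
DOCUMENTED_PORT = 443  # every documented flow is outbound HTTPS on 443

def host_documented(host):
    """Exact match, or label-boundary suffix match for '*.' entries."""
    host = host.lower().rstrip(".")
    for entry in DOCUMENTED:
        if entry.startswith("*."):
            suffix = entry[1:]  # ".analysis.windows.net"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False

def audit(records):
    """Return (record, reason) for every connection the table does not cover."""
    findings = []
    for rec in records:
        direction, host, port, scheme = rec
        if direction != "outbound":
            findings.append((rec, "inbound connection"))
        elif scheme != "https" or port != DOCUMENTED_PORT:
            findings.append((rec, "not HTTPS on port 443"))
        elif not host_documented(host):
            findings.append((rec, "undocumented destination"))
    return findings

# Constructed sample: (direction, host, port, scheme)
SAMPLE = [
    ("outbound", "summitview.app", 443, "https"),
    ("outbound", "tenant-example.analysis.windows.net", 443, "https"),
    ("outbound", "LOGIN.microsoftonline.com.", 443, "https"),
    ("outbound", "xanalysis.windows.net", 443, "https"),       # no label boundary
    ("outbound", "summitview.app.example.net", 443, "https"),  # suffix lookalike
    ("outbound", "graph.microsoft.com", 80, "http"),
    ("inbound", "10.0.0.5", 8443, "https"),
]

if __name__ == "__main__":
    for rec, reason in audit(SAMPLE):
        print(reason, rec)
```

The wildcard entry is matched on a label boundary, so lookalike hosts that merely end in the same characters are reported rather than allowed.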

Infrastructure Security

Built on industry-leading cloud infrastructure with enterprise-grade security controls.

Encrypted at Rest

AES-256 encryption for all stored data in Supabase

Encrypted in Transit

TLS 1.2+ for all network connections

SOC 2 Infrastructure

Vercel and Supabase are SOC 2 Type II certified

Microsoft SSO

Azure AD authentication — no new passwords

Role-Based Access

Owner, Admin, Member, and Viewer roles

Tenant Isolation

Each organization's data is fully isolated

No Shared Credentials

Each user authenticates independently

No Reverse Connections

Agent never accepts inbound connections

Portal Access Control

Consumer portal with separate auth, filtered access, and admin-controlled catalog

AI Security

Bring Your Own Key (BYOK) — SummitView never touches your AI queries.

Your Keys, Your Control

  • BYOK model — SummitView does not operate any AI infrastructure
  • AI queries go directly from your browser to your configured AI provider
  • No data passes through SummitView servers for AI analysis
  • You control which AI provider to use (OpenAI, Azure OpenAI)
  • AI features are optional and disabled by default

Compliance

Building towards enterprise compliance certifications.

Current Security Controls

  • HTTPS/TLS encryption everywhere
  • OAuth 2.0 authentication
  • No credential storage
  • Tenant data isolation
  • GDPR-ready data handling
  • Role-based access control

Compliance Roadmap

  • SOC 2 Type II (planned)
  • ISO 27001 (future consideration)
  • Additional certifications driven by customer requirements
  • GDPR DPA (available on request)

Formal compliance certifications will be pursued as customer demand and scale warrant.

SummitView is built using SOC 2-aligned security practices from day one, even before formal certification.

Deployment Options

Choose the deployment model that fits your security requirements.

Option A: Cloud Connect

Service Principal

  • No software to install
  • Automatic collection of inventory, usage, refresh events
  • Full refresh status for PPU/Premium/Fabric
  • Get started in 5 minutes

Pro workspace note: Refresh status shows "unknown" for Pro workspaces. Install the Agent for reliable status.

Best for: Quick start, PPU/Premium/Fabric environments

Recommended

Option B: Agent + Cloud Connect

Windows Service

  • Windows Service for detailed monitoring
  • Per-table refresh timing (PPU/Fabric only)
  • Reliable refresh status for ALL license types including Pro
  • Row count tracking and anomaly detection
  • Code-signed installer, MSI for SCCM/Intune

Best for: Full visibility, Pro workspace refresh monitoring, enterprise deployments

Security Contact

If you have security questions or need to report a vulnerability, contact us at security@summitview.app
