Security & compliance

Multi-tenant isolation

Tenants share the application tier; they do not share data. The boundary is enforced at the storage layer.

Mechanism

Every request is authenticated, through Entra single sign-on or an approved integration credential, and bound to a verified tenant.
The verified tenant scopes every subsequent operation in that request.
Access is enforced against the record’s tenant on every read and write, including single-record lookups.
A request for another tenant’s record is treated as not found, so the platform does not reveal whether the record exists.

Boundaries

Structured contract data sits in your own Dataverse environment, one per tenant, rather than a shared store distinguished by a tenant marker.
SharePoint stays in your own Microsoft 365 tenancy, and clmSpace reads it under your own access controls.
Caches and the read model are tenant-scoped, so data from one tenant cannot be returned to another.
Logs are tenant-scoped and avoid recording personal data in the clear.

Tenant isolation by default

Access is bound to a verified tenant on every request and enforced on every read and write. Support access runs through per-tenant audit records and explicit, time-boxed grants made by the tenant admin.

Settings · Multi-tenant isolation

Roles & access control

Anthropic data handling