Security & Compliance
Origami Security & Data Handling
Origami runs entirely inside your Microsoft 365 tenant and follows the same security, compliance, and permission model as native SharePoint.
Where Origami Runs
- Inside your Microsoft 365 tenant
- Built on SharePoint Framework (SPFx)
- Uses native authentication and permissions
- No external hosting
Data Handling
- No data stored outside your tenant
- Content stays in SharePoint pages and libraries
- Processed only at render time
- Controlled by your permissions
Telemetry
- No telemetry or tracking
- No analytics sent externally
- No background data collection
Tenant Access
- No default access to your tenant
- Support access is never automatic
- Requires explicit approval
- Can be revoked anytime
Origami is not a SaaS platform — it runs inside your Microsoft 365 tenant and inherits Microsoft’s security, compliance, and data residency controls.
Government & Regulated Environments
- Supports Microsoft 365 GCC High
- No dependency on commercial cloud endpoints
- No external data transfer
- Used in government and regulated industries
Secure Development
- Dependency & vulnerability scanning
- Peer code reviews
- Regular security updates
- No runtime code injection
Customer Control
- Authentication (Entra ID)
- Authorization & permissions
- Data retention policies
- Audit logs & compliance controls
Frequently Asked Security Questions
Does Origami store our data?
No. All data stays inside your Microsoft 365 tenant.
Does Origami send telemetry?
No. There is no tracking, analytics, or external data transmission.
Do you have access to our tenant?
No. Access is never granted unless explicitly approved by you.
Does Origami support GCC High?
Yes. Fully compatible with GCC High environments.
Can Origami be removed?
Yes. It can be removed like any SPFx solution with no residual data.