Security & data handling

Your data never leaves your tenant

Fabric Control runs on operational metadata, not your data — and you control how much of that metadata you share. This page is written for the reviewer who has to sign off before you connect anything.

The core guarantee

Your data stays in your tenant. Only metadata leaves.

The single most important property of Fabric Control: your data content never leaves your Azure tenant. To do its job, the system reads and reports only operational metadata about your environment — never the contents of it.

  • No data content is ever transferred to us. Rows, records, and the contents of your tables and files stay inside your tenant, full stop.
  • Only operational metadata is reported — things like counts, existence, status, size, and configuration. Metadata describes your environment; it is not the data in it.
  • The boundary is enforced inside your tenant, at the moment of collection — before anything is sent — not filtered afterward on our side.
  • Backups never leave either. When you enable Backup, your backups land in your own storage, under your own keys — Fabric Control coordinates the work but never holds a copy.
Egress boundary diagramShutterstock 16:10 · ~640×420
search: "data security boundary shield network blue"
Your choice

You decide how much metadata to share

Beyond the guarantee that your data never leaves, you also control the metadata that does. There's a small baseline the system needs to function — and above that, what you share is up to you.

The required baseline

A minimal set of operational signals is essential — without it, the product simply can't govern, protect, or recover anything. This baseline is deliberately small and contains no data content.

  • What exists — workspaces, items, capacities
  • Status and health — is it up, did it refresh
  • Counts and sizes — enough to protect and recover

Everything above it is optional

Richer metadata unlocks deeper insight, but it's your call. You choose how much detail to expose, and you can dial it back at any time — the deeper the picture you allow, the more Fabric Control can do for you.

  • Share more for richer governance and reporting
  • Share less to stay at the minimum footprint
  • Change your mind whenever you like

The trade is simple and always in your hands: the more you share, the more the platform can tell you — but even at the minimum, your data content never leaves your tenant.

Trust model

You grant access. You revoke it. Immediately.

Client-held credentials

You provision access to Fabric Control using credentials you own and control. We never hold master keys to your environment.

Revoke at any time

Revoking access is yours to do, unilaterally, whenever you choose. The moment you do, Fabric Control's reach into your tenant ends.

Least privilege by design

Fabric Control asks only for the access it needs to do the job you've enabled — nothing broad, nothing standing, no unnecessary scopes.

For your security review

Questions that usually take weeks have simple answers here

Because your data content never leaves your tenant and you control the metadata that does, the hardest questions in a vendor review are already answered.

"Where does our data go?"

Nowhere. Your data content stays inside your tenant, and your backups stay in your own storage under your own keys. There is no data content to trace, because none is transferred.

"What if the vendor is breached?"

What we hold is operational metadata — never the contents of your environment. A worst case exposes information about your estate, not the data inside it.

What you can tell your reviewer

These are architectural facts about what does and doesn't move, not policies you have to take on trust:

  • No data content is transferred to an external system — only operational metadata
  • The metadata footprint is your choice, above a small required baseline
  • Backups remain in your storage, under your keys
  • Access is granted by you and revocable by you, at any time
A note on regulated data

PHI and compliance boundaries

Because your data content never leaves your tenant — and you control the metadata that does — Fabric Control is well suited to regulated environments. Specific compliance obligations depend on your environment and configuration; talk to us about your requirements and we'll walk through exactly what is and isn't shared in your case.

Hand this page to your security team

Then join the waitlist for early access — no card, no data leaving your boundary.