Privacy Policy
FlowOversee is a local-first desktop application. It runs entirely on your own device. It does not phone home, contains no analytics, telemetry, crash reporting, or advertising, and sends no data of any kind to the developer or any third party. The only network connections FlowOversee makes are directly from your device to Microsoft's own service endpoints, using your own credentials, to read your own Power Automate and Power Platform data.
Who this applies to
This policy covers the FlowOversee desktop application distributed through the Microsoft Store. FlowOversee is an independent product and is not affiliated with or endorsed by Microsoft Corporation (see the Legal Notices).
What data FlowOversee accesses
When you sign in with your own Microsoft Entra ID (work or school) account, FlowOversee reads data from your organization's Power Platform tenant so it can show it to you:
- Your Power Automate flows — names, run history, run status, error details, and schedules (cloud flows and Power Automate Desktop flows).
- User display names — FlowOversee resolves the user IDs attached to flows (for example, a flow's owner) into readable names via Microsoft Graph, so the app can show "owned by Jane Doe" instead of a GUID. These names are personal information. They are processed only on your device, held briefly in an in-memory cache, and are never written to a remote service by FlowOversee.
- Your own account identity — the signed-in user, used to make authenticated requests.
FlowOversee requests read-only access (Flows.Read.All, User.ReadBasic.All, and Dataverse user_impersonation for discovery). It cannot create, modify, run, or delete your flows.
Where your data is stored
All FlowOversee data stays on your computer, under %LOCALAPPDATA%\FlowOversee\ (i.e. C:\Users\<you>\AppData\Local\FlowOversee\):
| File / folder | Contents |
|---|---|
config.json | Your settings, including the Microsoft Entra application (client) ID and tenant ID you enter during setup. |
msal-cache.bin | Your sign-in tokens, encrypted with Windows DPAPI so they can be read only by your Windows user account on this machine. Written only while "Stay signed in on this device" (Settings → Security) is on — the default. Turn it off and FlowOversee keeps no sign-in data on disk at all. |
logs\ | Local diagnostic logs (rolling files, kept on your machine for troubleshooting). |
folders.json | The flow folders you create to organise your flows — folder names plus the workflow IDs and cached display names of the flows you place in them, grouped by environment. A folders.json.bak copy of the previous version is kept alongside so your folders can be recovered automatically if the live file is ever corrupted. A local convenience layer; never sent anywhere. |
anomaly-state.json | Your anomaly triage decisions — which "Needs attention" findings you've muted, snoozed, or acknowledged (environment ID, flow ID and name, signal type, severity, and when) — and, if you turn on Alerts, the alert monitor's record of the findings it has already reported (environment ID, flow IDs, and signal types per environment) so a restart doesn't notify you about the same finding twice. Keeps an anomaly-state.json.bak copy of the previous version for automatic recovery. Local only; never sent anywhere. |
| Windows notification registration | Created only if you turn on Alerts: a small per-user Windows registration (app name and icon) so Windows can show FlowOversee's toast notifications. Notifications are rendered locally by Windows and contain only your own flow and environment names; nothing is transmitted. Removed by Settings → "Reset application data". |
FlowOversee never transmits these files anywhere.
What FlowOversee transmits, and to whom
FlowOversee communicates only with Microsoft endpoints, directly from your device, to authenticate you and read your data:
login.microsoftonline.com— sign-in (Microsoft Entra ID).api.flow.microsoft.comandservice.flow.microsoft.com— Power Automate cloud flows and run history.graph.microsoft.com— resolving user IDs to display names.globaldisco.crm.dynamics.comand your environment's*.crm.dynamics.com— Dataverse discovery and Power Automate Desktop flow data.
When you click an "open in maker portal" link, FlowOversee opens make.powerautomate.com in your default browser. That is a normal link you choose to follow, not a background data transfer.
Microsoft's handling of the data in these services is governed by the agreement between your organization and Microsoft, and by the Microsoft Privacy Statement. FlowOversee adds nothing to that exchange and copies nothing out of it.
What FlowOversee does not do
- No analytics, usage tracking, or telemetry of any kind.
- No crash or error reporting sent off your device.
- No "call home" to the developer or any server operated by the developer.
- No advertising, and no selling or sharing of your data — ever.
- No accounts, sign-ups, or registration with the developer. FlowOversee has no back-end.
Deleting your data
To remove all FlowOversee data from your machine: sign out, uninstall FlowOversee, and delete the %LOCALAPPDATA%\FlowOversee\ folder. You can also revoke FlowOversee's access at any time from your Microsoft Entra account or by removing the app registration you created for it.
Security
Sign-in tokens are stored using the Windows Data Protection API (DPAPI), tied to your Windows user account. FlowOversee uses Microsoft's official authentication library (MSAL) and, where available, the Windows account broker (WAM) so your credentials are handled by Windows, not by FlowOversee.
Two optional layers are available in Settings → Security: turn off "Stay signed in on this device" to run with a memory-only token cache (nothing app-managed is written to disk; you pick your account each launch), and turn on "Require Windows Hello at launch" to ask for a PIN, face, or fingerprint before FlowOversee opens.
Children
FlowOversee is a professional tool for Power Platform users and is not directed at children.
Changes to this policy
If this policy changes, the updated version will be published at this address and the "Last updated" date above will change.
Contact
Questions about privacy in FlowOversee: [email protected]