Data Security FAQ
The engines of Virto applications are hosted in Microsoft Azure servers. The apps can be added to your SharePoint site pages or Microsoft Teams channels.
No. All the data is always stored on your side, and we don’t have access to it. Virto apps use delegated permissions or your end users’ permissions. End-users can get access only to the data they are allowed to get in Microsoft 365.
VirtoSoftware doesn’t store your data. The tool can only access the provided permissions when this user works within the Virto app. A private key is generated for this session, and nobody except this user reuses it for future data access: a new private key is generated for a new session.
It’s not applicable: the authentication is done by SSO (Single Sign-On) with a user’s Microsoft 365 account — a unique private key is generated for each new session. It’s impossible to get any data from users outside of your organization. The data is always stored on your side; we don’t store or copy it anywhere.
No, we don’t do penetration testing.
Yes, the data is encrypted with HTTPS.
We do provide remote access for troubleshooting, but it is not required for service maintenance — we always do this from our side. Remote access can be used for extra costs for training purposes. We usually use Microsoft Teams for remote connection.