1. Scope
This Privacy Policy applies to your use of AIMS Advisor for Microsoft Sovereign AI (the “Service”), an AppSource Copilot extension published by Extended Systems, Inc. and developed by its XSI subsidiary. It does NOT apply to: (a) other Extended Systems, Inc. corporate properties at xtendedsystems.com outside the AIMS Advisor product surface, (b) other XSI products including XSI LodeStone or XSI BlindSpot, (c) third-party services you reach via the Service.
2. Plain-language summary
- Stateless. The validator backend does not store the artifacts you submit. Each request is processed and forgotten.
- No customer data sale. Extended Systems, Inc. never sells customer data.
- No tracking, no advertising. No advertising identifiers, no cross-site tracking, no behavioral profiles.
- Telemetry is operational only. Request volume, latency, and error counts via Azure Application Insights. No artifact bodies in logs.
- Microsoft handles authentication. When Entra ID OBO is enabled (V2/GA), authentication tokens are issued and validated by Microsoft.
3. Data we process
| Category | Description | Retention | Lawful basis |
|---|---|---|---|
| Submitted artifacts (IAME envelopes, AIP traces, archetype declarations) | Sent in HTTPS request bodies; processed in-memory; never persisted. | Discarded immediately after response. | Contract performance. |
| Operational telemetry (request count, response status, latency, error type) | Aggregated counters; no artifact bodies; no personal identifiers. | 30 days (Application Insights retention). | Legitimate interest. |
| Tenant identifier (when Entra ID OBO is enabled at GA) | Used for per-tenant API plugin metering and rate limiting. | Billing-period-aligned aggregates only; no per-request retention. | Contract performance. |
| Support correspondence (only if you contact support@xtendedsystems.com) | Email content + sender identity. | 24 months from the last interaction. | Contract performance + legitimate interest. |
4. What we do NOT process
- The semantic content of your submitted artifacts. The validator parses structure but does not interpret payload meaning.
- Personal identifiers of end users behind your Microsoft 365 Copilot tenant. The Service interacts with the tenant principal only.
- Cross-tenant data joins. Each tenant's metering aggregates are isolated.
- Data outside Microsoft Azure regions. All Service infrastructure is hosted in Microsoft Azure US-East.
5. How submitted artifacts flow
- You submit an artifact through the AIMS Advisor Copilot extension.
- Microsoft 365 Copilot calls the API plugin over HTTPS.
- The validator backend (Azure Container Apps in US-East) receives the request, parses the artifact in memory, runs verification logic, and returns a conformance verdict.
- The request is discarded from memory after the response is sent.
- Operational counters (request count, response code, latency) are emitted to Azure Application Insights.
The artifact never persists on disk, in cache, or in any database under Extended Systems, Inc.'s control.
6. Subprocessors
| Subprocessor | Purpose | Region | Privacy commitments |
|---|---|---|---|
| Microsoft Azure | Hosting (Container Apps), telemetry (Application Insights), container registry, identity (Entra ID at GA) | US-East | Microsoft Online Services Data Protection Addendum |
| Microsoft AppSource | Listing distribution + metered billing | Global Microsoft commercial marketplace | Microsoft Commercial Marketplace Publisher Agreement |
Extended Systems, Inc. does not use third-party analytics, advertising, A/B testing, session recording, or behavioral profiling subprocessors.
7. Your rights
Depending on your jurisdiction, you may have rights to access, rectify, erase, or object to processing, and to lodge a complaint with your local supervisory authority. Submitted artifacts are not retained, so access/erasure requests for artifact content cannot be honored — there is nothing to access or erase.
To exercise rights, email privacy@xtendedsystems.com.
8. International transfers
The Service operates from Microsoft Azure US-East. International network transit relies on the safeguards Microsoft Azure provides under the Microsoft Online Services Data Protection Addendum, including the EU Standard Contractual Clauses where applicable.
9. Security
- HTTPS-only ingress (TLS 1.2+); HTTP is rejected.
- Container runs as a non-root user inside Azure Container Apps.
- No customer-data persistence; no operator access to artifact bodies because none exist after the response.
- Application Insights logs protected by Microsoft Azure access controls.
10. Children
The Service is a developer/architect tool not intended for use by children under 16. Extended Systems, Inc. does not knowingly process data from children.
11. Changes to this policy
Material updates land at aims-advisor.xtendedsystems.com/legal/privacy with the “Last updated” date refreshed. AppSource customers receive material updates via the AppSource publisher communication channel.
12. Contact
Privacy questions: privacy@xtendedsystems.com
General support: support@xtendedsystems.com
Mailing address: Extended Systems, Inc., 170 Pearson Lane, McCall, Idaho, 83638-5150, United States