Security FAQ about Document Converter tools

How does Nutrient’s Document Converter for SharePoint Online connect to the customers’ SharePoint lists and libraries?

It depends on which integration you use: our SharePoint Online user interface or Power Automate actions.

  • For SharePoint Online: When a customer’s SharePoint environment instructs our software to process a file, our servers retrieve the document from the SharePoint site using a secure connection. The file is then processed and sent back to the SharePoint environment, after which point it’s deleted from our servers. Nutrient doesn’t store or retain customer files once the operation has completed, and our software cannot access customer systems unless the request is initiated by the customer.
  • For Power Automate: Our software runs as a step in your workflows and has no control or knowledge of where source files (passed in as binary blobs) come from, or where the destination files go in the next step. Our software has no access to your SharePoint environment. You retain full control.

Where is a list of the geographic locations where data may be stored, backed up, and accessed from? Do we have any choice over where data is stored?

We currently perform data processing with Azure infrastructure based in the US, Canada, Europe, and Australia. Other regions — including Asia, South America, and Germany — are only available on request via custom subscriptions.

  • Customers with a Professional or Enterprise subscription can choose the geographic region in which their files are processed. This is ideal for companies that must process their data in their own territory. Customers without an Enterprise subscription don’t have an option to choose in which geographic location their data is processed.

Who owns the data customers store in your service?

You exclusively retain all legal rights to your data, including the data that you input and we store for the purpose of using Nutrient Document Converter. For specific legal language, refer to our Master Services Agreement and/or Data Processing Terms.

Can we export our data out of your service?

Our service is stateless and doesn’t retain documents after they’ve been processed. As such, Document Converter servers don’t store your files, and we don’t have any persistent document data to provide to you. We do maintain audit logs with minimal metadata about processing activity. We will share the log files only if requested by the Primary user of the Tenant or upon receipt of a legally enforceable subpoena.

What metadata is stored in audit logs?

The following information is stored in our audit logs:

  • User ID (email)
  • Client IP
  • Source file path and name
  • Operation type and result code
  • Request time and operation duration
  • Request and result size
  • Exception data (for example, stack trace from backend server in the event of an error)

Passwords, API tokens, and other sensitive information are anonymized.

How do you secure this data in transit?

Communications between SharePoint or Power Automate and our service happen via REST API. These connections are secured via industry-standard TLS encryption, as you’d expect from any modern web service. Your documents that are requested for conversion to PDF are sent over a secure encrypted HTTPS communication channel to our Nutrient conversion service hosted in Azure.

Nutrient doesn’t store or retain customer files once an operation has completed.

How do you secure data at rest?

Document Converter doesn’t store or retain customer files once an operation has completed. Files are stored only for the duration of the operation in Azure blob storage (for queuing) and as temporary files on virtual machines (while being processed). Access to both the blob storage and the virtual machines holding temporary files is restricted by networking and strict access controls.

Who will you allow to access customer data and for what purpose — for example, supplier personnel or subcontractors?

Document Converter doesn’t store or retain customer files once an operation has completed, so we have very little data we’re able to provide upon request. We do maintain audit logs with minimal metadata about processing activity. We’ll share the log files only if requested by the Primary user of the Tenant or upon receipt of a legally enforceable subpoena.

How are customer documents transferred to and returned from Nutrient’s servers?

Your documents that are requested for conversion to PDF are sent over a secure TLS-encrypted REST API request to our Nutrient conversion service hosted in Azure. The files are processed, the converted file is sent to you, and the source files are deleted. For a visual overview of the process, request access to our Trust Center and view architecture diagrams under the Documents > Low-Code (formerly Muhimbi) folder accessible from the left navigation panel.

Is data shared with any third parties during the processing of documents?

No. Document Converter is a self-contained service that doesn’t communicate with any third parties during document processing.

How does Nutrient certify all customers’ documents are deleted after they’re processed?

Nutrient’s servers don’t store your files, and all intermediate files are removed. Refer to the following page for additional information: How does Document Converter Online deal with private documents?

What are your terms for deleting customer files from your site? Is this activity audited by a third party?

Nutrient’s servers don’t store your files, and all intermediate files are removed. For more information, see our Privacy Policy.

Are there any third parties involved in relation to the services provided?

A third-party/subprocessor list can be found in our Privacy Policy.
Details for third party and open source licenses can be found at https://www.nutrient.io/legal/.

Are there portable/media devices used to access, store, or process customer data — for example, USB, backup tapes, DVDs?

No.

Do you support the use of or integration with customers’ single sign-on (SSO) solutions — for example, SAML 2.0 — to your service?

The short answer is yes. We work on top of SharePoint and if a user can access the files, our service/editor can process/open the file.

  • For Document Converter Online, an administrator must install the Nutrient component into their SharePoint Online tenant/site. From that point, the Nutrient application leverages the Microsoft SSO facilities of the customer’s SharePoint environment. When invoked, the application runs within SharePoint Online as the end user (every operation is user initiated), and each action is strictly limited to the SharePoint Online permissions of the user who invoked the Document Converter operation. A user cannot perform actions in the integration that they do not already have SharePoint permissions to perform.

  • The backend part of our application verifies that:
    1. The initiating user is authenticated.
    2. The user belongs to a SharePoint Online tenant that’s allowed to execute the required operation.

    The backend is presented with the data resolved (authenticated and authorized) inside the users’ SharePoint Online system by the actual user. Our backend application does not and cannot pull any additional information out of the users’ SharePoint Online system on its own without user initiation.

General flow:

    1. User initiates operation inside their SharePoint Online environment and resolves all input.
    2. The frontend portion of the application sends the information to our backend.
    3. The backend performs the processing operation requested.
    4. The frontend receives the result of the operation from our backend.
    5. Depending on the operation, the result is saved within SharePoint (using the user’s identity again) or returned to the user’s browser.

    Points 1, 2, 4, and 5 all occur inside SharePoint Online and are governed by SharePoint’s access control.

There are some tasks (configuration and setup) that require more access to the customer’s SharePoint tenant. However, admins are adequately notified and must manually approve access (this feature is built into SharePoint).

For Document Editor Online, users can install Nutrient Document Editor into their SharePoint Online environment. At the time of installation or at the point of the first operation, users are presented with the consent screen, which details all the permissions the Nutrient application needs to operate correctly. From that point, Nutrient Document Editor leverages the SSO facilities of the customer’s SharePoint Online environment.

Our application uses OAuth 2.0 for authentication and authorization.