Data Privacy & Security
Your GPO data never leaves your browser
All XML parsing and analysis runs entirely client-side using JavaScript. No data is uploaded to any server during analysis.
Why GPO Data Is Sensitive
Group Policy XML exports can contain highly sensitive infrastructure information about your Active Directory environment, including:
Identity & Access
- Active Directory domain names
- Security Identifier (SID) values
- User and group account names
- Password policy configurations
- User rights assignments
Infrastructure
- Internal server names and UNC paths
- Network drive mappings
- Printer server paths
- Internal IP addresses
- Registry keys and values
Security Posture
- Firewall rules and exceptions
- Script paths and executables
- Software deployment sources
- Security option configurations
- Audit policy settings
Organizational
- OU structure and naming
- GPO link hierarchy
- Site and domain topology
- Organizational naming conventions
- Internal operational procedures
How We Protect Your Data
1. Client-Side Processing
When you upload an XML file, it is read directly by your browser using the FileReader API. The XML is parsed using the browser's built-in DOMParser, and all analysis (conflict detection, duplicate finding, setting explanation) runs in JavaScript on your machine. The raw XML is never transmitted over the network.
2. Data Redaction
If you choose to save a report to your account, the data is automatically redacted before leaving your browser. The following patterns are stripped:
| Data Type | Example | After Redaction |
|---|---|---|
| UNC Paths | \\fileserver01\shares\dept | [REDACTED-PATH] |
| File Paths | C:\Scripts\logon.bat | [REDACTED-PATH] |
| SIDs | S-1-5-21-3623811015-... | [REDACTED-SID] |
| FQDNs | dc01.corp.contoso.com | [REDACTED-HOST] |
| IP Addresses | 10.0.1.50 | [REDACTED-IP] |
| Emails | admin@corp.local | [REDACTED-EMAIL] |
3. What We Store (If You Opt In)
Saved reports include GPO names, setting names and values, category labels, conflict and duplicate details, link paths, and explanations — all with sensitive infrastructure data redacted using the patterns above. Domain names, GUIDs, SIDs, internal hostnames, and file paths are replaced with [REDACTED-...] placeholders before anything leaves your browser.
If the report data is too large, settings and explanations are progressively trimmed to fit storage limits while preserving the most important conflict and duplicate analysis.
4. AI-Powered Summaries
Pro users can optionally generate an AI-powered summary of their GPO audit. Before any data is sent to the AI service, the following protections are applied:
- Automatic redaction — The same redaction engine used for saved reports strips all sensitive infrastructure data (paths, SIDs, IPs, hostnames, emails) before the data leaves your browser.
- Explicit consent — A confirmation dialog is shown on first use each session, explaining that redacted data will be sent for processing.
- Server-side processing — The redacted data is sent to a secure Appwrite Cloud Function, which forwards it to an AI model for analysis. Only the redacted version is ever transmitted.
- No training — Your data is not used to train AI models. It is processed for the sole purpose of generating your summary and is not retained by the AI provider after the response is returned.
- Optional feature — AI summaries are entirely opt-in. The core GPO analysis and conflict detection never send any data off your device.
5. Payments & Billing
Payments are processed securely by Stripe. We never receive or store your full credit card number. Stripe handles all payment information in compliance with PCI DSS standards. The only billing data we retain is your subscription status to manage feature access.
6. Self-Hosted Option
Open Source
Portions of GPO Audit will be made open source so you can inspect how your data is processed. Details coming soon.
Questions?
If you have concerns about data handling or need a security review for your organization, please reach out. We're happy to provide detailed technical documentation about our data processing pipeline.