Architecture and data protection
The Flinker IFC Viewer solutions for Microsoft 365 integrate with SharePoint, Teams, Power BI, and Excel. IFC files are processed in the browser or within the Microsoft 365 service context used by the solution. Flinker receives only the limited technical metadata required for authentication, licensing, support, and anonymized usage analytics.
Privacy model
The architecture is designed so that:
- IFC model files remain in the storage location selected by the customer, such as SharePoint, Teams, OneDrive, Power BI, or the local browser session.
- Flinker does not host IFC model files, project documents, drawings, or report datasets.
- File content is not sent to the Flinker Azure backend for model processing.
- Technical metadata may be transmitted to Flinker as described under "Transmission of technical metadata".
This model supports organizations that require tenant-controlled storage, Microsoft 365 governance, and clear separation between project data and solution telemetry.
Important
Review the product-specific architecture pages for the exact data flow of each solution. The SharePoint, Teams, Power BI, and Excel integrations use different Microsoft 365 hosts and permission models.
Integration and operating model
- The Flinker IFC Viewer solutions run within your organization's Microsoft 365 environment (SharePoint, Teams, Power BI, or Excel).
- Installation and all access take place under your IT governance and security settings.
IFC files and project documents remain in the customer's Microsoft 365 storage or local browser session. The Flinker backend receives only the technical metadata required to operate and support the solution.
Processing and protection of sensitive data
- IFC files, BIM data, drawings, 3D models, project documents, and other project information are stored in the Microsoft 365 locations configured by the customer.
- IFC content such as geometry, property sets, component data, annotations, and project documents is not transmitted to the Flinker backend for processing.
- Access to project data is governed by the customer's Microsoft 365 permissions, tenant policies, and identity configuration.
- Flinker does not provide a separate project-data repository for these solutions.
Technical and organizational measures
The solutions use Microsoft 365 standard mechanisms and services, as configured in your environment:
- Authentication through Microsoft Entra ID.
- Roles and permissions managed by your existing Microsoft 365 security policies.
- SPFx web parts that operate in the browser without local installation.
- Encrypted transport through TLS/HTTPS.
- EU Microsoft datacenters for EU tenants, according to the customer's Microsoft 365 configuration.
Transmission of technical metadata
To ensure secure authentication and enable anonymous usage analytics, the following technical metadata may be transmitted to the Flinker Azure backend:
- Tenant ID (for unique identification of your tenant)
- (Optional) User email address (only if required for login or support)
- Anonymized usage and analytics data (such as feature usage frequency; never any IFC content or project data)
Project data, IFC file contents, and project documents are not transmitted to the Flinker backend as part of model processing.
- All transmitted metadata is pseudonymized and encrypted.
- Access is restricted to authorized Flinker GmbH personnel (located in Germany/EU).
- All processing complies with GDPR and, if required, is governed by a Data Processing Agreement (DPA).
No technical or usage metadata includes any content, geometry, or business data from your files or projects.
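A check a reviewer can run against the data-flow statements above, as an added example that is not Flinker's code: it scans a browser HAR capture for requests leaving the tenant whose bodies carry IFC STEP markers or exceed a metadata-sized budget. The hosts under `vendor.example`, the tenant suffix list, the 4096-byte budget, and the sample capture are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts where IFC content may legitimately travel (customer tenant storage).
TENANT_SUFFIXES = (".sharepoint.com",)
# IFC files in STEP format open with an ISO 10303-21 header and a FILE_SCHEMA line.
IFC_MARKERS = (b"ISO-10303-21", b"FILE_SCHEMA", b"IFCPROJECT")
MAX_METADATA_BYTES = 4096  # assumption: metadata-only requests stay small


def audit_har(har):
    """Return (host, method, reasons) for requests leaving the tenant with model-like bodies."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        host = (urlsplit(req["url"]).hostname or "").lower()
        if host.endswith(TENANT_SUFFIXES):
            continue  # traffic to the customer's own storage is expected to carry files
        body = req.get("postData", {}).get("text", "").encode("utf-8", "replace")
        reasons = [f"IFC marker {m.decode()}" for m in IFC_MARKERS if m in body.upper()]
        if len(body) > MAX_METADATA_BYTES:
            reasons.append(f"body of {len(body)} bytes exceeds metadata budget")
        if reasons:
            findings.append((host, req["method"], reasons))
    return findings


def _req(method, url, text=None):
    """Build one minimal HAR entry for the constructed sample below."""
    request = {"method": method, "url": url}
    if text is not None:
        request["postData"] = {"mimeType": "application/octet-stream", "text": text}
    return {"request": request}


# Constructed sample capture; hostnames, paths and payloads are illustrative only.
SAMPLE_HAR = {"log": {"entries": [
    _req("GET", "https://contoso.sharepoint.com/sites/bim/Shared%20Documents/tower.ifc"),
    _req("GET", "https://cdn.vendor.example/viewer.js"),
    _req("POST", "https://backend.vendor.example/usage",
         json.dumps({"tenantId": "00000000-0000-0000-0000-000000000000", "event": "viewer_opened"})),
    _req("POST", "https://backend.vendor.example/upload",
         "ISO-10303-21;\nHEADER;\nFILE_SCHEMA(('IFC4'));\nENDSEC;\nDATA;\n#1=IFCPROJECT('x');"),
]}}

if __name__ == "__main__":
    for host, method, reasons in audit_har(SAMPLE_HAR):
        print(f"{method} {host}: {'; '.join(reasons)}")
```

The check reads plain-text request bodies only; compressed or encoded payloads need decoding before the marker scan, and the size budget is the fallback signal for those.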
Component and data flows
- User: Accesses the solution via Microsoft Teams, SharePoint, Power BI, or Excel.
- IFC Viewer solution: Installed and operated directly in your Microsoft 365 tenant.
- Microsoft 365 services: Handle authentication, authorization, and storage (e.g., SharePoint, Teams, OneDrive, Lists, Azure AD, now Microsoft Entra ID).
- Flinker Azure Cloud: Receives only technical metadata for authentication and anonymized analytics, as described above.
- Azure CDN (Content Delivery Network): Delivers viewer assets (such as JavaScript). No project/user data is exchanged via the CDN.
- Project data storage: Project data, IFC files, and documents remain in the storage locations configured by the customer.
Microsoft compliance
- Flinker solutions are reviewed by Microsoft before publication in AppSource, Teams, or the SharePoint Store.
- The architecture meets Microsoft 365 and Teams Store security and privacy requirements.
- Flinker regularly updates its solutions to align with evolving best practices and security standards.
Summary
- Project data remains under the customer's Microsoft 365 governance and storage configuration.
- Personal data transmitted to Flinker is limited to technical requirements, such as tenant ID and optional user email address, and can be governed by a DPA where required.
- Technical metadata is protected through encryption, access controls, and internal operational policies.
- Flinker does not host IFC model files, project documents, or Power BI report datasets for these solutions.