
Security

Key Points

  • Portfolio++ is a read-only Azure DevOps extension
  • No work item or project data is stored outside of Azure DevOps
  • Data is queried dynamically using the Azure DevOps Analytics API
  • All access is performed on behalf of the logged-in user
  • Portfolio++ respects Azure DevOps permissions, with behavior consistent with the Analytics API
  • Limited telemetry and identity data is collected for licensing, diagnostics, and support

For more details, see our data privacy statement.


Data Handling & Storage

Azure DevOps Data

Portfolio++ accesses data directly from your Azure DevOps organization using the Analytics API.

  • Data is queried in real time and is not stored outside of Azure DevOps
  • Portfolio++ does not copy, persist, or export work item content, attachments, or project data
  • All access is performed on behalf of the logged-in user and respects Azure DevOps permissions

Configuration Data

Portfolio++ stores configuration data using the Azure DevOps extension document store.

  • Data is scoped per organization and per extension
  • Data may also be scoped per user (for private roadmaps); other users cannot access user-scoped data
  • Stores only roadmap configurations, settings, and user preferences
  • Does not include work item or project data

Telemetry Data

Portfolio++ transmits limited telemetry and identity data for licensing, diagnostics, and support.

  • Includes:
    • Azure DevOps Organization GUID
    • Azure DevOps User GUID
    • User name and email address
    • Error reports and usage events
  • Processed using Microsoft Azure services (Application Insights and Log Analytics)
  • Used only for license validation, support, and product improvement

Telemetry does not include Azure DevOps work item content, project data, or attachments.


Authentication & Permissions

Portfolio++ uses the Azure DevOps SDK and security model:

  • API calls are made on behalf of the currently logged-in user
  • The extension respects all Azure DevOps project-level permissions
  • Users must have appropriate access (including Analytics API permissions) to view data

Portfolio++ does not elevate privileges or bypass Azure DevOps security controls.


Third-Party Services

Portfolio++ relies on Microsoft Azure for infrastructure and telemetry processing.

Portfolio++ Pro subscriptions are processed via:
  • Microsoft Azure Marketplace or
  • Stripe

No Azure DevOps work item or project data is shared with third-party services.