TrustLens is built around the principle that discovery should not create new risk. This page documents exactly what data leaves your environment, what stays inside it, and the controls available to you.

What is collected

For every connected integration, TrustLens collects resource metadata and aggregated telemetry only:
| Category | Examples |
| --- | --- |
| Resource identity | Agent / model / dataset / repo / device IDs, names, descriptions |
| Configuration | Tools, instructions, knowledge bases, guardrail policies, access controls, MCP server declarations |
| Aggregated telemetry | Run counts, conversation counts, average latency, error counts, tool-call counts per category |
| Source provenance | Which integration produced each record, when it was last synced |
| Endpoint inventory | Per-device list of installed AI software, signed and reported by the Discovery script |

What is never collected

These categories are explicitly excluded by every connector:
  • Prompt or message content sent to any model
  • Model responses or completions
  • The contents of any tool call (input or output)
  • API keys, OAuth tokens, or secret values referenced by configurations (variable names are kept, values are dropped client-side)
  • File contents from source repositories that are not on the agent-config / MCP allowlist
  • Browser history, cookies, session tokens, or any user activity content from managed devices
  • Personally identifiable information about end-users of the agents
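As an added illustration of the names-kept, values-dropped rule above (example code, not TrustLens's own scrubber): a recursive pass over a connector configuration that keeps every variable name and replaces credential-looking values before the record leaves the environment. The key and value patterns, and the sample configuration, are assumptions constructed for the example.

```python
import re
from typing import Any

# Added illustration of client-side secret scrubbing; not TrustLens's own code.
# Keys that name credentials (assumed patterns).
SECRET_KEY_RE = re.compile(
    r"(api[_-]?key|secret|token|password|passwd|private[_-]?key|credential|authorization)",
    re.IGNORECASE,
)
# Values that look like credentials even under an innocuous key (assumed shapes).
SECRET_VALUE_RE = re.compile(
    r"^(sk-[A-Za-z0-9]{8,}|ghp_[A-Za-z0-9]{20,}|Bearer \S+|-----BEGIN [A-Z ]*PRIVATE KEY-----)"
)
REDACTED = "<redacted client-side>"


def scrub(config: Any) -> Any:
    """Return a copy of `config` with secret values replaced and all keys intact."""
    if isinstance(config, dict):
        out = {}
        for key, value in config.items():
            if isinstance(value, (dict, list)):
                out[key] = scrub(value)          # recurse; container keys are kept
            elif SECRET_KEY_RE.search(str(key)) or (
                isinstance(value, str) and SECRET_VALUE_RE.match(value)
            ):
                out[key] = REDACTED              # variable name kept, value dropped
            else:
                out[key] = value
        return out
    if isinstance(config, list):
        return [scrub(item) for item in config]
    return config


# Constructed sample agent configuration (not real data).
SAMPLE_CONFIG = {
    "name": "support-agent",
    "tools": [{"name": "search", "endpoint": "https://example.internal/search"}],
    "env": {"OPENAI_API_KEY": "sk-constructed00000000", "REGION": "eu"},
    "mcp_servers": [
        {"name": "docs", "url": "https://mcp.example.internal",
         "headers": {"Authorization": "Bearer constructed.token"}},
    ],
}
```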

Where data is stored

| Data | Storage | Encryption |
| --- | --- | --- |
| Inventory and findings | NeuralTrust control plane database | AES-256 at rest, TLS 1.2+ in transit |
| Integration credentials (service principal secrets, API keys, GitHub App private keys, Discovery Tokens) | Dedicated secrets store with envelope encryption | Customer-managed keys available on Enterprise |
| Aggregated telemetry | Time-series store, retention configurable per integration | Same as above |
| Audit logs | Audit log store, forwardable to your SIEM | Same as above |

The default control-plane region matches your tenant’s region (US, EU). For hybrid deployments where the data plane runs in your own cloud account, see Architecture & deployment.

Retention

| Data class | Default retention | Configurable |
| --- | --- | --- |
| Current inventory snapshot | Indefinite (current state) | Cleared when the integration is deleted |
| Historical inventory diffs | 90 days | 30 / 90 / 180 / 365 days |
| Aggregated telemetry | 90 days | 30 / 90 / 180 / 365 days |
| Audit logs | 365 days | Per Audit & Compliance policy |

When an integration is deleted, all inventory and telemetry tied to it is scheduled for deletion within 24 hours and purged within 30 days.

Network egress

| Source | Destination | Port | Purpose |
| --- | --- | --- | --- |
| NeuralTrust control plane | Azure ARM, Microsoft Graph, Power Platform | 443 | Read your Azure / M365 metadata |
| NeuralTrust control plane | GCP API endpoints | 443 | Read your Vertex AI metadata |
| NeuralTrust control plane | api.mistral.ai | 443 | Read your Mistral resources |
| NeuralTrust control plane | api.github.com | 443 | Read your GitHub repositories |
| Your managed devices | posture.neuraltrust.ai | 443 | Endpoint Discovery script reports |

Add posture.neuraltrust.ai to the egress allowlist applied to your managed device fleet. Inbound from NeuralTrust to your environment is never required — all sync flows are NeuralTrust-initiated outbound.

Read-only credentials

Every integration is documented with the minimum read-only roles or scopes required:
  • Azure — Reader + Azure AI User at subscription scope (granular alternatives documented per integration)
  • GCP Vertex AI — roles/aiplatform.viewer and a fixed list of read-only viewer roles
  • Mistral — workspace API key (no roles in Mistral)
  • M365 Copilot — Application User with System Customizer role + AgentInstance.Read.All Graph permission
  • GitHub — GitHub App with contents:read and metadata:read
  • Endpoint Discovery — per-integration Discovery Token, scoped to write only into that integration’s inventory
If a connector is granted broader permissions than required, no additional data is collected — the connector calls the same read-only endpoints regardless.
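A least-privilege check a tenant admin can run against what was actually granted, as an added example (not TrustLens's or the connectors' own code): it compares Azure role assignments and a GitHub App installation's permissions against the documented minimums listed above. The Azure input follows the shape of `az role assignment list --assignee <appId> --all -o json` and the GitHub input is the `permissions` map from `GET /app/installations`; the subscription ID and the sample grants are constructed.

```python
import json

# Documented minimums from this page (Azure and GitHub App connectors).
AZURE_ALLOWED_ROLES = {"Reader", "Azure AI User"}
GITHUB_ALLOWED_PERMISSIONS = {"contents": "read", "metadata": "read"}
PERMISSION_RANK = {"read": 1, "write": 2, "admin": 3}

def excess_azure_roles(assignments, subscription_id):
    """Findings for Azure role assignments beyond Reader + Azure AI User.

    `assignments` has the shape of `az role assignment list --assignee <appId> --all -o json`
    (fields roleDefinitionName and scope). A scope narrower than the subscription is fine;
    a role outside the allowlist, or any grant outside the subscription, is reported.
    """
    sub_scope = f"/subscriptions/{subscription_id}"
    findings = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role not in AZURE_ALLOWED_ROLES:
            findings.append(f"unexpected role '{role}' at {scope}")
        elif not scope.startswith(sub_scope):
            findings.append(f"'{role}' granted outside the subscription: {scope}")
    return findings

def excess_github_permissions(permissions):
    """Findings for a GitHub App installation's `permissions` map
    (as returned by GET /app/installations) beyond contents:read + metadata:read."""
    findings = []
    for name, level in permissions.items():
        allowed = GITHUB_ALLOWED_PERMISSIONS.get(name)
        if allowed is None:
            findings.append(f"unexpected permission '{name}:{level}'")
        elif PERMISSION_RANK.get(level, 99) > PERMISSION_RANK[allowed]:
            findings.append(f"'{name}' is {level}, expected {allowed}")
    return findings

# Constructed samples (not real tenant data).
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"
AZURE_SAMPLE = json.loads("""[
  {"roleDefinitionName": "Reader", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Azure AI User", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ai-rg"},
  {"roleDefinitionName": "Contributor", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Reader", "scope": "/providers/Microsoft.Management/managementGroups/root"}
]""")
GITHUB_SAMPLE = {"contents": "write", "metadata": "read", "issues": "read"}

if __name__ == "__main__":
    for finding in excess_azure_roles(AZURE_SAMPLE, SUBSCRIPTION_ID) + excess_github_permissions(GITHUB_SAMPLE):
        print(finding)
```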

Revoking access

Revocation is fully under your control and works at the upstream provider:
| Integration | Revoke by |
| --- | --- |
| Azure | Delete the service principal, or remove its role assignment |
| GCP Vertex AI | Delete the service account JSON key, or remove IAM role bindings |
| Mistral AI | Revoke the API key in admin.mistral.ai |
| M365 Copilot | Disable the Application User in Power Platform Admin Center, or revoke the app registration |
| GitHub | Uninstall the GitHub App from the organization |
| Endpoint Discovery | Remove the script from your MDM, or rotate the Discovery Token in the TrustLens console |

After revocation, the next sync will fail and the integration will be marked Disconnected. Inventory data already collected is retained per the retention policy above and can be deleted immediately by deleting the integration.

Compliance posture

TrustLens inherits the NeuralTrust platform’s compliance program:
  • SOC 2 Type II
  • ISO 27001
  • GDPR — no personal data is collected from end-users of your agents
  • HIPAA-ready when deployed in the hybrid data plane configuration
See Security overview and Data privacy for the full program details.