Security

How Flow Studio MCP protects your data and your tenants.

Last updated: 13 April 2026

1 Authentication Model

Flow Studio MCP uses a multi-step authentication flow. No step gives Flow Studio direct access to your Microsoft credentials.

1. Microsoft sign-in: You sign in with your Microsoft account. Flow Studio never sees your password.
2. Consent: You approve Power Platform scopes for flows and activity only. No mailbox, calendar, or file scopes are requested.
3. API key: A per-user API key is issued from your dashboard. It can be revoked at any time.
4. Delegated calls: Every MCP tool call is made in your security context, subject to your tenant’s access controls and policies.

2 Token Storage

Flow Studio stores two types of tokens:

Token                    Storage                                    Lifetime
MCP API key              Derived on demand; not persisted at rest   Does not expire; revocable from dashboard
Microsoft refresh token  Encrypted at rest in Azure Storage         Until consent is revoked

3 Data Retention

Starter & Pro tiers

Every MCP tool call is a pass-through to the Power Automate API. We do not store flow definitions, run data, or action payloads. Requests are logged for usage metering only (see Log Contents below).

Pro+ tier

Pro+ automatically scans environment and connection inventories. Flow-level data (including trigger and action definitions, run statistics, and governance metadata) is only cached after you explicitly opt in to monitoring on a per-flow basis. We do not cache runtime payloads or connector credentials. On cancellation, API access is revoked immediately. We do not currently apply automatic time-based deletion. Cached data is deleted on request or when the account is closed.

4 Log Contents

We log tool name, timestamp, user identifier, and status for usage metering and operational monitoring.

Not logged: flow definitions, action payloads, connection secrets, or run output data.

Logs are retained while your account is active and deleted on request.

5 Revoking Access

You can revoke Flow Studio's access at any time using either method:

6 Infrastructure

  • Hosted on Microsoft Azure: encrypted in transit (TLS 1.2+) and at rest
  • Stripe handles all payment data. We never see card numbers
  • Microsoft Entra ID handles identity. We never see passwords

7 Operational Controls

  • Tenant isolation: customer records are logically isolated by tenant and account identifiers. Each Pro+ subscriber has a dedicated storage partition. No customer can access another customer’s data through the API.
  • Staff access: production infrastructure access is limited to the founding team. No third-party contractors have access to customer data or production systems.
  • Environment separation: staging and production environments are fully isolated with separate credentials, databases, and Stripe configurations.
  • Secrets management: customer refresh tokens are stored separately in encrypted Azure Table Storage. API keys and tokens are never logged.

Security Incident Contact

If you discover a vulnerability or suspect a security incident, please contact us immediately:

Email: [email protected]

Subject line: [SECURITY] followed by a description of the issue

We aim to acknowledge security reports within 24 hours and provide a resolution timeline within 72 hours.
