Do you have access to our Microsoft 365 tenant?

No. Origami has no access to customer tenants by default. Any access for support requires explicit customer approval and can be revoked at any time.

Does Origami support Microsoft 365 GCC High?

Yes. Origami supports Microsoft 365 GCC High environments and operates entirely within tenant boundaries.

Where does Origami run?

Origami runs inside the customer’s Microsoft 365 tenant using SharePoint Online and the SharePoint Framework (SPFx).

Origami Security & Data Handling

Security overview

Origami Connect is a collection of SharePoint web parts and intranet templates that run entirely inside your Microsoft 365 tenant. It is deployed using Microsoft’s SharePoint Framework (SPFx) and follows the same security, permissions, and compliance boundaries as native SharePoint components.

Origami does not host your data, does not transmit telemetry, and does not have access to your tenant by default.

Where Origami runs

Inside your Microsoft 365 tenant
On SharePoint Online using SPFx
Uses native SharePoint permissions and authentication
No external rendering layers or third-party hosting

Data storage & processing

Origami does not store customer data outside your tenant
All content remains in SharePoint pages, lists, and libraries you control
Origami processes data only at render time to display the components you configure
The exact data processed depends on:
- The web parts you use
- The SharePoint permissions you assign

Telemetry

Origami does not send telemetry, usage analytics, or tracking data to Origami or third parties
No background data collection
No external logging endpoints

Tenant access & support

Origami has no access to your Microsoft 365 tenant by default
Support access is never automatic
If troubleshooting requires it, access is granted only if you explicitly approve it
Any granted access can be revoked at any time

Government & regulated environments

Origami fully supports Microsoft 365 GCC High environments.

Works within GCC High tenant boundaries
No dependency on commercial cloud endpoints
No external data transfer outside the tenant

Origami is used by organizations in government, public sector, and regulated industries where data residency and access controls are critical.

Secure development practices

Origami follows a secure development lifecycle designed for enterprise environments:

Dependency and vulnerability scanning (including third-party libraries)
Peer code reviews before release
Regular package updates for security and compatibility
No runtime code injection or remote execution

Security updates are distributed through updated Origami packages that customers install directly into their tenant.

Compliance positioning

Origami is not a hosted SaaS platform. It runs inside Microsoft 365 and therefore inherits Microsoft’s security, compliance, and data residency controls applicable to SharePoint Online and GCC High environments.

Customers retain full control over:

Authentication
Authorization
Data retention
Audit logs
Conditional access policies

Frequently asked security questions

Does Origami host or store our SharePoint data?

No. Origami runs inside your Microsoft 365 tenant and does not host or store SharePoint content outside your tenant.

Does Origami send telemetry or usage data?

No. Origami does not send telemetry, analytics, or tracking data to Origami or third parties.

Do you have access to our tenant?

No. Origami has no tenant access by default. Any access for support requires your explicit approval and can be revoked.

Does Origami support GCC High?

Yes. Origami supports Microsoft 365 GCC High environments.

Can Origami be removed if we stop using it?

Yes. Origami components can be removed like any SharePoint Framework solution, with no residual data outside your tenant.