Portana — SharePoint Function Extender
Portana SharePoint Function Extender

Security

Security designed for professional SharePoint teams.

Portana is built to operate on your most important data, your SharePoint lists, with safety and control at its core. Your data stays in SharePoint, operations are previewed before they run, and records can be restored when something goes wrong.

Security at a glance

Data stays in SharePoint

Portana is a desktop application that operates directly against your Microsoft 365 SharePoint environment. Your list content is not copied to or stored on our servers.

Encrypted connections

Communication with Microsoft 365 and SharePoint uses encrypted connections (HTTPS/TLS), protecting your data in transit.

Microsoft 365 authentication

Portana authenticates through Microsoft's identity platform using delegated SharePoint permissions. Sign-in respects your organization's existing Microsoft 365 policies, and we never see your password.

Respects your permissions

Portana operates with the delegated permissions of the signed-in user. It cannot access lists or records that the user isn't already authorized to access in SharePoint.

Preview before you commit

Imports run a dry-run validation, and bulk deletes show a clear preview of exactly what will be affected before anything changes, reducing the risk of accidental mass changes.

Rollback snapshots & restore

Delete and deduplication runs create automatic rollback snapshots. You can browse those snapshots and restore items back into your lists, so mistakes don't have to be permanent.

How Portana protects your data

Area What we do
Data in transit Encrypted HTTPS/TLS connections to Microsoft 365
Authentication Microsoft identity platform (delegated); tokens stored securely on the device
Authorization Operations run with the signed-in user's existing SharePoint permissions
Data residency SharePoint content remains in your Microsoft 365 tenant
Safe operations Dry-run/previews before bulk changes; automatic rollback snapshots and restore
Billing Subscription payments handled by Stripe; card details never stored by Portana
Distribution Signed MSIX package, so Windows can verify the publisher

Safe operations by design

Portana is built around the principle that large operations should never be a black box:

  • Dry-run validation and previews show the impact of imports and bulk deletes before you confirm.
  • Real-time progress dashboards keep long-running imports, deletes, and deduplication visible.
  • Automatic rollback snapshots let you restore records removed by delete or deduplication runs.
  • You stay in control of what is created, changed, kept, or removed.

Restore features help you recover records, but they do not replace a proper backup strategy. We recommend maintaining backups of critical SharePoint data.

Your responsibilities

Security is a shared responsibility. To use Portana safely:

  • Keep Windows and Portana up to date.
  • Use Microsoft 365 accounts protected with multi-factor authentication.
  • Grant Portana operations only to trusted users with appropriate SharePoint permissions.
  • Review previews before confirming bulk changes.
  • Maintain independent backups of important data.

Reporting a vulnerability

If you believe you've found a security issue in Portana, please contact us at contact@programini.com . Include steps to reproduce and any relevant details. We take reports seriously and will respond promptly.

Compliance

Portana is built for teams subject to GDPR. How we handle personal data is described in our Privacy Policy. Contact us if you need compliance documentation.

See also: Privacy Policy · Legal Notice