Security and data handling
Use export-based assessment without giving Flow Migrator tenant-wide access.
Flow Migrator’s standard assessment model uses customer-provided Nintex workflow exports. That lets enterprise teams evaluate conversion risk, Power Automate limits, connectors, child workflow dependencies, and package readiness without granting broad live access to NAC or Power Platform during initial discovery.
What Flow Migrator uses
| Data type | How it is used |
|---|---|
| Workflow exports | Customer-provided Nintex .nwf, .wf, or NAC export ZIP packages used to analyze workflow structure, triggers, actions, variables, connectors, and dependencies. |
| Generated analysis | Coverage, complexity, connector, Power Automate limit-risk, and remediation findings generated from the uploaded export. |
| Generated package artifacts | Power Automate package output may be generated when the workflow reaches an exportable state and the customer chooses to download it. |
| Credentials | Flow Migrator does not need customer connector credentials or Power Platform tenant administrator credentials for export-based assessment. |
| Power Platform deployment | Customers import packages into their own Power Platform environment and reconnect connection references using customer-owned credentials. |
What is not required for initial assessment
- Power Platform tenant administrator access.
- Customer connector credentials.
- Production SharePoint, SQL, API, or gateway credentials.
- Access to production list items, documents, patient records, or business payload data.
Enterprise review checklist
- Confirm which exports may be uploaded and whether workflow metadata contains sensitive values.
- Confirm data retention and deletion requirements for the evaluation workspace.
- Validate whether live NAC inventory discovery is required or export-based assessment is sufficient.
- Define who owns package import, connection references, gateway access, and production cutover.
Common security questions
| Question | Answer |
|---|---|
| Does Flow Migrator scan the live NAC tenant by default? | No. The standard enterprise-safe motion is export-based assessment. Live NAC tenant/API discovery can be scoped separately if the customer approves the required API/admin access. |
| Is PHI or PII required? | Flow Migrator is intended to analyze workflow metadata and configuration, not patient records or production business payloads. Customers should not upload PHI or unnecessary sensitive data in workflow exports. |
| Does Flow Migrator train models on customer workflow data? | Flow Migrator workflow exports and generated assessments are used to provide the migration service. Customer workflow exports should not be treated as public training data. |
| Can assessment be performed without tenant admin rights? | Yes. Uploading workflow exports for assessment does not require Flow Migrator to be granted Power Platform tenant admin rights. |
| Who validates generated output? | The customer and delivery partner validate generated flows, connector references, remediation items, and runtime behavior before production use. |