FlowStudio Responsible AI

Last updated: 2026-04-13
Owner: Flow Studio Solutions, ABN 82 632 928 539

1. Our approach

FlowStudio MCP is built on privacy-by-design and data minimization principles. It provides tools that AI agents can call to work with Microsoft Power Platform APIs using your delegated consent.

FlowStudio MCP is a third-party service. It is not built, endorsed, or operated by Microsoft. It connects to Microsoft Power Platform APIs subject to your organisation’s Microsoft policies, DLP rules, RBAC, and the permissions granted to the signed-in account.

2. What FlowStudio does not access

FlowStudio MCP requests only the Power Platform scopes needed to read and manage flows.

FlowStudio MCP does not request mailbox, calendar, OneDrive, SharePoint file, Teams chat, or broad Microsoft Graph content scopes for the agent request path.

FlowStudio does not store connector secrets. Runtime payloads may be fetched transiently only when a user or agent explicitly asks to inspect run details for debugging.

See the Security Architecture Review for the full authentication model and scope details.

3. AI agent transparency

FlowStudio MCP provides tools, not autonomous AI.

When your AI agent, MCP client, or Copilot-style tool calls FlowStudio MCP:

• The call is made using your delegated Microsoft consent.
• The call remains subject to Microsoft tenant controls, RBAC, and DLP.
• The AI client decides which tool to call and when.
• FlowStudio executes the requested operation through structured tools.
• FlowStudio MCP does not run a server-side large language model for these requests.

4. Error data and service improvement

FlowStudio may analyse MCP tool-call error patterns to improve reliability and agent guidance.

This may include:

• Common API error codes
• Tool names
• HTTP status codes
• Error message patterns
• Malformed input shapes

This does not use connector secrets, run output payloads, or business content inside your flows for AI model training.

FlowStudio does not send your customer data to third-party AI models for training.

5. Human control

FlowStudio MCP is designed so users remain in control:

• Microsoft consent is granted through standard Microsoft OAuth flows.
• Access can be revoked through Microsoft or FlowStudio account controls.
• Monitoring and governance caching are enabled only for configured workspaces and features.
• Write operations should be reviewed before applying changes to production flows.
• Tool calls can be logged for auditability, support, and usage review.

We recommend users review and approve agent-driven changes before applying them to production workflows.

6. Third-party AI clients

FlowStudio MCP is a tool provider. The AI clients that call the tools, such as Claude, GitHub Copilot, ChatGPT, Microsoft Copilot Studio, Copilot Cowork, or other MCP clients, are operated by their respective companies.

FlowStudio does not control how those clients process, store, or use the prompts and responses they handle. Review each client’s own privacy, security, and AI policies.

7. Related pages

• Security Architecture Review
• Privacy Policy
• Terms of Service

For responsible AI questions or compliance review requests, contact support@flowstudio.app.