Second Opinion for Sales: Technical and Compliance Reference

1. What Second Opinion for Sales is

Second Opinion for Sales is an AI-enabled behavioral analysis service delivered as a Model Context Protocol server. A seller submits the text of a sales conversation, and the service returns a written, sales-tuned interpretation: how the seller came across, what the prospect's language suggests, and concrete next steps to consider.

It is consumed by Model Context Protocol clients, including agents built in Microsoft Copilot Studio. It is not a Teams bot and not a standalone application. There is no end-user UI of our own; the service is reached through the customer's own agent.

The interpretation is grounded in the Big Five behavioral framework. The service has no access to the identity or personal characteristics of any speaker. It produces no automated decisions about any individual. The output is descriptive sales coaching for the seller.

2. Publisher identity

Legal entity

Pansophy AI Inc., a Florida corporation.

Microsoft identifiers

Microsoft Partner Network ID: 7098633. Microsoft Seller ID: 94179370. The AppSource listing is published under the Pansophy AI Inc. publisher profile.

Corporate and legal references

• Privacy policy: legal.pansophyai.com/privacy.html
• End User License Agreement: legal.pansophyai.com/eula.html
• Responsible AI policy: legal.pansophyai.com/responsible-ai.html
• Support: legal.pansophyai.com/support.html

Primary contact

Marney Edwards, Founder and CEO. marney@pansophyai.com.

3. Delivery and connection

Second Opinion for Sales is reached over the Model Context Protocol. The customer connects it to an MCP-capable agent, most commonly an agent built in Microsoft Copilot Studio. Connecting it is a one-time setup an administrator performs once for the tenant.

At a high level, the administrator registers a single-tenant client application in the customer's own Microsoft Entra tenant, grants it delegated access to the Pansophy API, and configures the agent's MCP connector with that client. After that, licensed sellers use the service through the agent.

4. Authentication and authorization

Authentication is handled through Microsoft Entra ID. The customer registers its own single-tenant client application and consents to the Pansophy API. Each request carries a delegated Microsoft Entra token representing a signed-in, licensed user.

• Delegated only. Every call is made on behalf of a signed-in human user. Application-only (client-credentials) tokens are rejected by the gateway. There is no way to call the service without a user identity.
• Customer-controlled client. The client application lives in the customer's tenant, under the customer's control. The customer can revoke its consent or disable the application at any time, which immediately cuts off access.
• Tenant isolation. A token issued for one tenant cannot be used to reach another tenant's subscription or data.

5. Licensing and seats

Second Opinion for Sales is licensed per user (per seat) through the Microsoft commercial marketplace. Microsoft handles the entire billing relationship: payment capture, invoicing, renewals, and seat proration. An organization can pay on its Microsoft invoice, and an individual can self-pay with a credit card through Microsoft's checkout. Either way the payment goes to Microsoft, not to Pansophy AI Inc., which never sees or stores card or payment details.

• Seat assignment is an admin action. Purchasing the subscription does not automatically seat a user. After purchase, an administrator assigns each license seat to a user in the Microsoft 365 admin center. Only seated users can use the service.
• Usage cap. Each seat is limited to 100 analyses per month. The cap is enforced by the service and resets monthly.
• Free trial. A one-month free trial is available through the marketplace listing.

Pricing is shown on the Microsoft AppSource listing. We do not restate pricing on this page.

6. Data residency

All data processed by Second Opinion for Sales stays within Microsoft Azure's U.S. data centers, specifically the East US 2 region. The submitted conversation text is not retained after the request completes.

The full service boundary, including the scoring engine supplied by our processing partner, runs inside our Azure tenant. No customer data is transmitted to infrastructure outside Microsoft Azure, and the service makes no third-party API calls.

Components and their regions

• API gateway: Azure API Management, East US 2
• Application logic: Azure Functions, East US 2
• Session, configuration, and reference corpus: Azure Cosmos DB, East US 2
• Behavioral scoring engine: Azure Container Apps, East US 2
• PII detection and redaction: Azure AI Language, East US 2
• Language model (interpretation): Azure AI Foundry, East US 2
• Secrets: Azure Key Vault, East US 2

At interpretation time, the service retrieves role-specific reference material from a corpus held in Azure Cosmos DB, then generates the written interpretation from the behavioral scores and that material. The reference corpus is Pansophy's own interpretation guidance; it contains no customer data. All retrieval stays inside the Azure tenant.

7. Data handling and PII

The seller supplies the conversation text to analyze, by pasting or selecting it inside their agent. The service does not auto-ingest Teams calls, email, or any other tenant content. There is no background reading of mailboxes or meeting transcripts.

On each request, the following runs inside the Azure tenant:

1. The submitted text is received through the API gateway with a valid delegated token.
2. The text is scrubbed for personal information by Azure AI Language. Detected PII is replaced with placeholder tokens.
3. The PII-redacted text is passed to the scoring engine, which returns behavioral scores.
4. The scores, the PII-redacted text, and role-specific reference material retrieved from our corpus are passed to the language model, which generates the written, sales-tuned interpretation.
5. The interpretation is returned to the agent. The submitted text and its redacted form are discarded once the request completes.

The submitted conversation text is never written to persistent storage. It is scrubbed, scored, and discarded within the request.

8. Permissions requested

Second Opinion for Sales is designed to run without administrator consent. It requests only user-consentable Microsoft Graph permissions and does not request admin-consent scopes.

• Basic profile (User.Read). Identifies the signed-in user. User-grantable, no admin consent.
• No access to mailboxes. The service does not request mail read permissions.
• No access to meeting transcripts. The service does not auto-read Teams call transcripts. Transcript and mailbox auto-ingest would require admin consent and are deliberately excluded.

9. Compliance posture

Second Opinion for Sales inherits the compliance posture of the Microsoft Azure platform on which it runs. Azure's certifications, including ISO 27001, SOC 1/2/3, and FedRAMP for covered services, apply to the infrastructure layer.

Pansophy AI Inc. does not currently hold independent SOC 2, ISO 27001, or HIPAA certifications at the application layer. We state this plainly rather than imply otherwise. Application-layer certification is on the roadmap as customer demand warrants.

10. Language model boundaries

The interpretation is generated by a large language model hosted within our Azure tenant through Azure AI Foundry.

• The model runs inside the Azure tenant and is not reachable from the public internet by users.
• Customer data submitted to the model is not used to train, retrain, or fine-tune any model. This is contractually enforced by the Azure AI Foundry service terms.
• The model is used only to generate the interpretation. Scoring is performed by a separate scoring engine, not by the language model.
• Only PII-redacted text reaches the model, alongside the behavioral scores, the role, and Pansophy's reference corpus. The original, un-redacted text is never sent to the model.
• The interpretation is generated from the behavioral scores and role-specific reference material retrieved from our Azure Cosmos DB corpus. That corpus is Pansophy's own interpretation guidance, not customer data, and the retrieval stays inside the Azure tenant.

11. Retention and deletion

Second Opinion for Sales applies a split retention model. The submitted text, and anything derived from it that could reconstruct the source, is discarded once the request completes. Only anonymous behavioral measurements are retained.

Discarded after the request

• The submitted conversation text.
• The PII-redacted version of that text.

Neither is written to persistent storage at any point.

Retained by Pansophy AI

• The raw behavioral trait scores, with request metadata (role, word count, and an internal correlation id).

The retained trait scores are just numbers. For example: 36, 65, 26, 59, 88. They contain no text from the conversation.

The record carries no user identifier: no name and no Azure AD object ID are stored, so a retained row cannot be tied back to an individual. The OCEAN scores and the written interpretation are not stored at all; both are regenerated from the trait numbers when needed.

These trait numbers are retained for legal defensibility, model refinement, and ordinary business operations, as described in the Privacy Policy. PII is removed upstream of scoring; the retained trait scores describe patterns, not content.

Deletion requests

An administrator may request deletion of retained measurements associated with a user or tenant by writing to marney@pansophyai.com. Deletion requests are processed within seven business days. Submitted text is not subject to deletion requests because it is already discarded after each request.

12. Revocation and offboarding

An administrator can cut off access in any of three ways, each effective immediately:

• Unassign a user's license seat in the Microsoft 365 admin center.
• Cancel the marketplace subscription, which removes all seats.
• Revoke the customer client application's consent, or disable the application, in Microsoft Entra.

Once access is removed, no further requests can be made. Retained behavioral measurements are handled per the retention and deletion terms in section 11.

13. Questions

For security, compliance, or technical review questions that are not answered on this page, write to the address below. Please mention that you are an IT administrator reviewing a deployment so the response can be prioritized.