Second Opinion: Technical and Compliance Reference

1. What Second Opinion is

Second Opinion is a behavioral analysis tool delivered inside Microsoft Teams. A user uploads a document to the bot and receives a structured analysis of linguistic patterns in the text extracted from that document.

Supported file types are PDF, DOCX, TXT, and VTT (Microsoft Teams meeting transcripts). Files are uploaded through the standard Teams file attachment mechanism inside the bot conversation.

The tool is lexicon-based. It analyzes word usage patterns and has no access to the identity or personal characteristics of any speaker. Second Opinion does not generate recommendations, predictions about individuals, or employment decisions. Output is factual and descriptive only.

2. Publisher identity

Legal entity

Pansophy AI Inc., a Florida corporation.

Microsoft identifiers

Microsoft Partner Network ID: 7098633. Microsoft Seller ID: 94179370. The AppSource listing is published under the Pansophy AI Inc. publisher profile.

Corporate and legal references

• Privacy policy: legal.pansophyai.com/privacy.html
• End User License Agreement: legal.pansophyai.com/eula.html
• Responsible AI policy: legal.pansophyai.com/responsible-ai.html
• Support: legal.pansophyai.com/support.html

Primary contact

Marney Edwards, Founder and CEO. marney@pansophyai.com.

3. Data residency

All data processed and stored by Second Opinion remains within Microsoft Azure's United States data centers. The product is deployed in the Azure East US 2 region.

The full service boundary, including the analysis engine supplied by our processing partner, runs inside our Azure tenant. No customer data is transmitted to infrastructure outside Microsoft Azure.

Components and their regions

• Application logic: Azure Functions, East US 2
• Session and configuration data: Azure Cosmos DB, East US 2
• Static content and assets: Azure Blob Storage, East US 2
• Processing engine: Azure Container Apps, East US 2
• Text extraction: Azure AI Document Intelligence, East US 2
• PII detection and redaction: Azure AI Language, East US 2
• Language model: Azure OpenAI Service, East US 2
• Secrets: Azure Key Vault, East US 2
• Public edge: Azure Front Door (Microsoft global network, origin pinned to East US 2)

Tenant eligibility

Second Opinion is available only to Microsoft 365 tenants based in the United States. AppSource enforces this at the listing level: non-US tenants will not see an install option.

4. Data handling and PII

When a user uploads a file, the following pipeline runs inside the Azure tenant:

1. The file is received through the Microsoft Teams bot channel and held in session state.
2. Text is extracted by Azure AI Document Intelligence for PDF and DOCX files, or by a direct text reader for TXT and VTT files.
3. Extracted text is passed to Azure AI Language for PII detection and redaction. Detected PII is replaced with placeholder tokens.
4. The PII-redacted text is passed to the scoring engine and to the language model.
5. The scoring engine returns trait scores. The language model generates a written opinion using the scores and the PII-redacted text as context.
6. Scores and PII-redacted text are held in session state. The user can request rewrites of the opinion within the session; rewrites reuse the held scores and text without re-running the pipeline.
7. At session close, the uploaded file, the extracted text, and the PII-redacted text are discarded. The derived trait scores and the generated written narrative are retained by Pansophy AI as described in section 10.

What we store

• During the active session: the uploaded file, the extracted text, the PII-redacted text, the derived trait scores, and the generated written narrative. All of these are held in session state for the life of the session to support rewrites.
• Past session close: the derived trait scores and the generated written narrative are retained by Pansophy AI for legal defensibility, model refinement, and ordinary business operations. See section 10 for full retention detail.
• Tenant-level usage counters for metered billing. These are aggregated numbers (documents analyzed, words analyzed), not content.
• A record that a particular user has consumed one of their five free document analyses, to enforce the free-tier limit.

What we do not store

• The uploaded file, after session close.
• Extracted text or PII-redacted text, after session close.
• Copies of any of the above outside the Azure tenant.
• Authentication credentials of any kind.

5. Permissions requested

When a user installs Second Opinion from AppSource, the Microsoft Teams consent screen will display the following permissions. These are the permissions Second Opinion requires to function, and no others.

• Receive messages and file attachments sent to the bot. The user uploads a file to the bot for analysis. The bot must receive that file and the surrounding conversation.
• Send messages as the bot. The bot returns the analysis as a message in the same chat.
• Access basic user profile (display name, tenant ID, Azure AD object ID). Used to enforce the per-user free document analysis limit.

Second Opinion does not request access to email, calendar, OneDrive or SharePoint files outside the bot conversation, channels the user has not invited the bot into, directory information, or any other tenant data. The bot can only read files that the user explicitly uploads into the bot conversation.

6. Authentication

Authentication is handled entirely through Microsoft Entra ID (Azure AD) via Microsoft Teams single sign-on. Users do not create a Second Opinion account, do not set a separate password, and do not enter credentials anywhere outside the Microsoft identity flow.

Pansophy AI Inc. does not store passwords, password hashes, or any other form of user credential.

7. Compliance posture

Second Opinion inherits the compliance posture of the Microsoft Azure platform on which it runs. Azure's certifications, including ISO 27001, SOC 1/2/3, and FedRAMP for covered services, apply to the infrastructure layer.

Pansophy AI Inc. does not currently hold independent SOC 2, ISO 27001, or HIPAA certifications at the application layer. We state this plainly rather than imply otherwise. Application-layer certification is on the roadmap as customer demand warrants.

8. Billing

Second Opinion is billed through Microsoft commercial marketplace metered billing. Your organization is not invoiced separately by Pansophy AI Inc. and does not provide a payment method to Pansophy AI Inc. directly. All charges appear on the Microsoft bill your organization already receives.

• Each user receives five free document analyses, lifetime, at no charge. Rewrites of the same document within an active session are always free.
• After the free analyses are exhausted, usage is billed at $0.0005 per word analyzed, metered through the words_analyzed meter dimension on the marketplace offer.
• There is no subscription minimum and no seat license. Organizations pay only for the words their users analyze.

9. Language model boundaries

The language model used by Second Opinion is Azure OpenAI Service, running inside our Azure tenant.

• The model has no internet access during inference.
• Customer data submitted to the model is not used to train, retrain, or fine-tune any model. This is contractually enforced by the Azure OpenAI Service terms.
• The model is used only to generate the narrative portion of the analysis output. Scoring is performed by deterministic code, not by the model.
• Only PII-redacted text reaches the model. The original uploaded file and the un-redacted extracted text are never sent to the model.

10. Retention and deletion

Second Opinion applies a split retention model. What was submitted by the user (and anything derived from it that could reconstruct the source) is discarded at session close. What Pansophy AI produced from that submission as its own work product is retained.

Discarded at session close

• The uploaded file.
• The text extracted from the uploaded file.
• The PII-redacted version of that text.

None of these are written to persistent storage at any point. They exist only in session state and are purged when the session ends (user-initiated close, new document upload, or thirty minutes of inactivity).

Retained by Pansophy AI

• Derived trait scores produced by the scoring engine.
• The written narrative generated for the user.

These derived outputs are retained for legal defensibility, model refinement, and ordinary business operations, as described in the Privacy Policy. They do not contain the source text. PII was removed upstream of scoring; the retained scores and narrative describe patterns, not content.

Billing and entitlement data

• A record that a user has consumed one of their five free document analyses, associated with their Azure AD object ID and tenant ID.
• Tenant-level aggregated usage counters (total documents analyzed, total words analyzed). Reported to Microsoft commercial marketplace for metered billing.

Deletion requests

An administrator may request deletion of a user's free-tier entitlement record, a tenant's aggregated counters, or derived outputs associated with a user or tenant by writing to marney@pansophyai.com. Deletion requests are processed within seven business days. Uploaded files and extracted text are not subject to deletion requests because they are already discarded at session close.

When the application is uninstalled from a tenant, tenant-level data is retained only for the period required by the Microsoft commercial marketplace terms and is then purged.

11. Revocation and uninstall

An administrator may revoke Second Opinion at any time through the Microsoft Teams admin center or the Microsoft Entra admin center. Revocation immediately terminates the bot's ability to receive messages from any user in the tenant.

Uninstall does not leave behind any uploaded files, extracted text, or PII-redacted text; these are discarded at session close regardless of install status. Derived trait scores, written narratives, billing counters, and entitlement records are retained as described in section 10. To request deletion of any of those, submit a deletion request.

12. Questions

For security, compliance, or technical review questions that are not answered on this page, write to the address below. Please mention that you are an IT administrator reviewing an install request so the response can be prioritized.