At cherryware, data protection and security are a core part of how we build and operate Project Plan. We follow a security-by-design approach, ensuring that your project data stays under your control at all times — and that neither cherryware nor any unauthorized third party can access it without your consent. This architecture also prevents AI training and analytics on your project plan data by design.

Security Architecture for Project Plan in Microsoft Teams

In Microsoft Teams, every project plan is encrypted by an individual key that remains under your control within your tenant.

Overview of the security architecture in Microsoft Teams

Security Architecture for Project Plan in PowerPoint

In PowerPoint, the project plan data is stored in the presentation file itself (.pptx). The file remains on your file system or is stored within your environment, such as SharePoint or OneDrive. If cloud-sync is enabled for a specific plan, the key to decrypt the data is stored in the presentation file and remains under your control.

Overview of the security architecture in Microsoft PowerPoint

Data Processing Agreement

As a processor under GDPR Art. 28, cherryware provides a Data Processing Agreement (DPA) as part of the terms that governs how data is handled. The technical and organisational measures (TOMs) implemented to protect your data are documented in Annex 2 – Technical and Organisational Measures.

Microsoft is our only sub-processor where customer data is stored, as described in Annex 3 – List of Sub-processors. All data resides within Microsoft infrastructure.