Honest Cheetah for Azure DevOps — Privacy & Security

Last updated: February 2026

The Short Version

Your data stays in Azure DevOps. Honest Cheetah for Azure DevOps does not send your data to any external servers. Period.

Download PDF version

How It Works

Honest Cheetah for Azure DevOps is installed from the Visual Studio Marketplace and becomes part of your Azure DevOps organization — just like any other Azure DevOps extension. Once installed, it runs entirely within your Azure DevOps environment.

The extension reads your work item data through the Azure DevOps OData Analytics API and Work API using two read-only scopes:

  • vso.work — read access to work items and backlogs
  • vso.analytics — read access to analytics data

No data is sent to Honest Cheetah servers or any third-party services. Standard browser caching may occur as part of normal web browser behavior.

Authentication & Access Control

Honest Cheetah does not create accounts, manage passwords, or handle authentication in any way. It relies entirely on Azure DevOps and Microsoft Entra ID (formerly Azure Active Directory):

  • Users sign in with their existing Azure AD credentials.
  • Your organization's MFA policies apply automatically.
  • Role-based access controls (RBAC) from Azure DevOps are fully respected — users can only see what they're already authorized to see.
  • Honest Cheetah does not extend, override, or bypass any access controls.

Encryption

All communication between the extension and Azure DevOps uses HTTPS with TLS 1.2+, enforced by Microsoft's infrastructure. Since no data leaves Azure DevOps, there is no additional encryption layer to manage.

External Content

The Honest Cheetah user interface includes links to short documentation and tutorial videos hosted on YouTube. Clicking these links navigates you to YouTube, which is subject to Google's Privacy Policy. No data from your Azure DevOps environment is shared with YouTube.

What We Don't Do

  • We don't store your work item data on our servers
  • We don't transfer data outside of Azure DevOps
  • We don't create separate user accounts or passwords
  • We don't access financial, HR, or any non-work-item data
  • We don't integrate with any third-party services beyond Azure DevOps
  • We don't collect telemetry or usage analytics from your Azure DevOps environment

Data Residency & Compliance

Because your data never leaves Azure DevOps, data residency is determined entirely by where Microsoft hosts your Azure DevOps organization. Honest Cheetah introduces no additional GDPR, HIPAA, or other regulatory obligations.

Auditing

Azure DevOps provides built-in audit logs covering authentication, access, and user activity. Since Honest Cheetah operates within Azure DevOps using standard APIs, all access is captured by Azure DevOps' native auditing capabilities.

Cancellation

If you uninstall Honest Cheetah from your Azure DevOps organization, there is nothing to delete or export from our side — we never had your data.

Questions?

Contact us at support@honestcheetah.com.

Back to Privacy & Security