Local collection
The collector runs inside the client environment from an approved host or jump box.
Security
TangleMap is built around local collection and controlled handoff because many Microsoft BI estates cannot expose broad metadata access to an external SaaS tool.
The collector runs inside the client environment from an approved host or jump box.
Read-only access is preferred. Partial scans still produce value when permissions are limited.
The MVP/pilot flow uses a password-encrypted evidence bundle for controlled transfer.
Secrets are not needed in the assessment output. Sensitive values are redacted or omitted.
Configs, local logs, and local execution context remain client-controlled unless explicitly shared.
The current web/API surfaces are local analyst tooling, not a hosted multi-tenant portal.
Password-based bundle encryption is appropriate for bounded pilot handoff when handling is controlled. Final enterprise key management, hosted identity, tenant isolation, audit logging, and export authorization are later productization decisions.
Next step
Use a walkthrough to discuss collector placement, access model, bundle handoff, and what does not leave the client environment.