Measure Killer Measure Killer
Trust Center

Built for IT review. Designed to stay out of your way.

Your data does not leave your machine. Tenant scans are read-only. Documentation below for your security team.

No data leaves your machine

Measure Killer Free runs entirely on your desktop. Your .pbix files, models, and DAX never leave your device — there is no telemetry of model contents.

Read-only access

Tenant scans use Power BI / Fabric admin APIs in read-only mode. We never modify, copy, or move your reports, models, or data.

Customer-controlled

Enterprise scan results are stored on infrastructure you control. You configure retention, access, and export policies. We do not retain copies.

Architecture overview

How the desktop app connects to external services — what leaves your machine and what stays local.

USER'S MACHINE (WINDOWS DESKTOP) Measure Killer Desktop App Python 3.11 Analysis engine Qt 6.7 UI framework SQLite3 Activity logs (local) Local file analysis — .pbix · .rdl · .xlsx (Analyze in Excel) Metadata only: names, DAX expressions, model structure All analysis runs on-device · file contents are never transmitted Local Analysis Services Power BI Desktop / SSAS Mode 1: Single model Mode 2: Shared model on local machine No internet required (offline) XMLA LICENSE VERIFICATION On startup · HTTPS/TLS encrypted ● Primary (v2.9.3+) MK License API (Azure) Azure App Service · HTTPS :443 POST: version · username · license key · public IP ◌ Legacy (optional) Azure Event Hub *.servicebus.windows.net · AMQP/TLS :5671/:443 ◌ Optional License Blacklist measurekiller.com → raw.githubusercontent.com Public IP lookup · ifconfig.me (optional) Used in license payload only · graceful fallback MICROSOFT CLOUD Online modes 3–5 · OAuth2 · Read-only · HTTPS :443 Microsoft Identity (OAuth2 browser login) Power BI REST API api.powerbi.com Datasets, Reports, Admin Fabric REST API api.fabric.microsoft.com Items, Domains, Operations XMLA Endpoint (ADOMD) Power BI Premium / Fabric · HTTPS :443 Metadata only · read-only · no writes or modifications Scan results stored on your infrastructure, not at Brunner BI Access token in request headers · analysis runs locally after fetch AUXILIARY (ALL OPTIONAL) Blocked = graceful fallback · no Power BI data Date / Time (license check) postman-echo.com (primary · HTTPS :443) ↓ time.windows.com (NTP :123) ↓ pool.ntp.org · microsoft.com · cloudfare.com Version Check measurekiller.com HTTPS :443 Startup Message brunner.bi HTTPS :443 No Power BI metadata transmitted via these endpoints Primary license check still required on startup App functions offline if all optional connections blocked LEGEND Required connection (HTTPS/TLS) Optional — graceful fallback if blocked Bidirectional (local XMLA) Green Local · data never leaves machine Blue Microsoft infrastructure · OAuth2 + REST/XMLA Yellow Auxiliary · all optional · no Power BI data Teal Brunner BI license server · minimal metadata only (no Power BI data)

Documents

Everything your security team needs to review Measure Killer.

Security whitepaper →
Architecture, threat model, and data-handling details for IT review.
Privacy notice →
What we collect, what we don't.
DPA template Coming soon
Data Processing Addendum for EU/UK customers.
Sub-processor list Coming soon
Third-party services involved in delivering paid editions.

Compliance

Where we are today, and what we're working toward.

GDPR
Aligned
ISO 27001
In progress
SOC 2
Roadmap

Need something specific for your security review? Contact us and we'll respond within one business day.