“Transform your business with modern, AI-first applications.”
Microsoft Power Apps is a low-code platform for creating and deploying business applications.
The product primarily supports canvas apps and model-driven apps, can be used with little or no code, and can also be extended through custom code, components, and integrations. Typical use cases include internal line-of-business applications, mobile data capture, process-oriented business apps, and app-supported workflows based on Dataverse, Microsoft 365, and other data sources.
MS Power Apps
Transform your business with modern, AI-first applications
Location: USA ⓘ Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399, USA. Relevant for many EEA contexts: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; registered office: 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.
Power Apps Premium with minimum purchase requirement For large organizations with many users; same core features with enterprise procurement. Other Pay-as-you-go via Azure Usage-based billing for apps, Dataverse storage, and Power Platform meters via Azure Subscription.
Dataverse / AI Builder / Power Platform Add-ons Additional capacities, AI Builder, Dataverse Storage, Power Automate, and other Power Platform extensions per usage.
Per-app license No longer available for new customers since January 2, 2026; existing customers must check status and renewal.
Target audience
Microsoft Power Apps is aimed at business departments, app makers, power users, IT teams, and professional developers who want to digitize internal business processes or make existing systems more usable through an app interface. The tool is especially relevant for companies that already use Microsoft 365, SharePoint, Dataverse, Dynamics 365, or the rest of the Power Platform. Typical roles include operations managers, sales teams, finance departments, customer service teams, administrators, and low-code developers.
Outstanding features
What stands out is the combination of Canvas Apps, model-driven apps, generative app creation, Copilot support, the connector ecosystem, Dataverse integration, and enterprise governance. Microsoft also highlights current AI features such as Smart Paste, AI Record Summaries, data exploration with agents, Agent Feed, as well as the ability to create apps using natural language, drag-and-drop, or custom code. For developers, the Power Apps Component Framework is also important, as it allows them to build their own code components for Canvas and model-driven apps.
Key use cases
According to Microsoft, Power Apps is used for finance, sales and marketing, human resources, operations, frontline work, and customer service, among other areas. In practice, this means budget and forecast apps, sales and productivity apps, mobile data capture, inventory and audit processes, internal line-of-business applications, service case handling, as well as app-supported workflows with data from Microsoft and third-party systems. Thanks to hybrid connectivity via gateway, the product is also suitable for organizations that need to continue using on-premises data sources.
Usage & notes
For makers, Power Apps starts at make.powerapps.com; there, apps can be built from data, templates, or natural language. For productive use, licensing should be planned properly at an early stage, because Basic, Premium, Pay-as-you-go, AI Builder, and Copilot Credit models can quickly become complex. From a data protection perspective, it is important to choose the region/geo deliberately, review the EU Data Boundary documentation, and activate GenAI/Bing/cross-region settings only after approval by data protection and IT. The Developer Plan is good for prototypes, but not a substitute for a productive licensing strategy.
| Target audience | Assessment |
|---|---|
| Business departments / Citizen Developers | Very suitable – for internal apps without traditional software development. |
| SMEs | Very suitable – especially when using Microsoft 365, Teams, SharePoint, or Dataverse. |
| Large enterprises | Very suitable – because of governance, DLP, Dataverse, environments, admin controls, and Microsoft cloud compliance. |
| IT teams / process automation | Very suitable – for low-code apps, data models, connectors, workflows, and Copilot-supported app creation. |
| Private individuals | Rather unsuitable – Power Apps is primarily business/enterprise low-code. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ✅ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-premises / local hosting: indirect / not available
A complete on-premises/self-hosted deployment of Power Apps as a complete product is not specified on the website. Only an on-premises Data Gateway is documented as a bridge to local data sources.
Private Cloud / Data Center: Partially
Microsoft documents advanced security and isolation features for managed environments, such as virtual network support and customer-managed encryption keys. This is a more controlled cloud environment, but it is not described on the website as a dedicated customer private cloud in the strict sense.
EU SaaS / Managed: Covered
Microsoft operates the Power Platform as a cloud service and documents data residency, geo-selection, and the EU Data Boundary for the Power Platform. When the tenant and all environments are deployed within an EU/EFTA geo, a managed SaaS operation close to the EU is provided.
Hybrid: Covered
Microsoft explicitly documents hybrid scenarios via the On-Premises Data Gateway, which allows Power Apps to access on-premises resources while the service itself runs in the cloud.
AVV / DPA: Covered
Microsoft publishes the “Microsoft Products and Services Data Protection Addendum (DPA)” and states that data processing and security terms are governed by it.
No Training: Partially
For Copilot/AI features in Dynamics 365 and Power Platform, Microsoft documents that prompts, responses, and customer data are not used to train Microsoft or third-party models unless the user opts in to share their data. Beyond this AI-related documentation, the website does not specify a general, product-wide exclusion for every conceivable use of data.
Open Source / Transparency Path: Partial
A transparency path is partially in place because Microsoft documents Power Fx as open source. However, for MS Power Apps as a whole, the website does not mention a complete open-source release or self-hostable core components.
Data Processing
MS Power Apps is documented on the website as a Microsoft cloud service within the Power Platform. Data is processed in Power Platform environments; environments can be assigned to a specific geographic region. Microsoft describes global data centers, replication within a specific geographic region for resilience, and EU/EFTA data processing within the framework of the EU Data Boundary. Hybrid connections to local systems are possible via the On-Premises Data Gateway. For Copilot/AI features, Microsoft states that processing occurs in Azure and that the non-use of customer data for model training—without requiring opt-in—is governed by contractual and documentary provisions.
Conclusion
For a European tool directory, MS Power Apps cannot be generally considered fully GDPR-compliant, but it can be used under certain conditions with proper documentation. The best available approach is deployment with a tenant and environments within the EU Data Boundary or an appropriate EU/EFTA geo, supported by a DPA/AVV, governance settings, and careful monitoring of connected services. Because on-premises deployment is not documented and Microsoft itself cites exceptions and configuration dependencies, the overall assessment is conditional.
Sources
- https://www.microsoft.com/en-us/power-platform/products/power-apps/
- https://learn.microsoft.com/en-gb/power-platform/admin/wp-compliance-data-privacy
- https://www.microsoft.com/en-us/trust-center/privacy
- https://www.microsoft.com/en-us/trust-center/privacy/data-location
- https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn
- https://www.microsoft.com/en/trust-center/privacy/european-data-boundary-eudb
- https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1
- https://learn.microsoft.com/en-us/power-platform/admin/powerapps-privacy-export-dsr
- https://learn.microsoft.com/en-us/power-platform/admin/governance-considerations
- https://learn.microsoft.com/en-us/power-platform/admin/about-lockbox
- https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/gateway-reference
- https://learn.microsoft.com/en-us/power-platform/admin/wp-onpremises-gateway
- https://learn.microsoft.com/en-us/dynamics365/transparency-note-copilot-data-security-privacy
- https://learn.microsoft.com/de-de/power-platform/faqs-copilot-data-security-privacy
- https://www.microsoft.com/en-us/power-platform/blog/2021/11/02/power-fx-open-source-now-available/
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ✅ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-premises / local hosting: indirect / not available
A complete on-premises/self-hosted deployment of Power Apps as a complete product is not specified on the website. Only an on-premises Data Gateway is documented as a bridge to local data sources.
Private Cloud / Data Center: Partially
Microsoft documents advanced security and isolation features for managed environments, such as virtual network support and customer-managed encryption keys. This is a more controlled cloud environment, but it is not described on the website as a dedicated customer private cloud in the strict sense.
EU SaaS / Managed: Covered
Microsoft operates the Power Platform as a cloud service and documents data residency, geo-selection, and the EU Data Boundary for the Power Platform. When the tenant and all environments are deployed within an EU/EFTA geo, a managed SaaS operation close to the EU is provided.
Hybrid: Covered
Microsoft explicitly documents hybrid scenarios via the On-Premises Data Gateway, which allows Power Apps to access on-premises resources while the service itself runs in the cloud.
AVV / DPA: Covered
Microsoft publishes the “Microsoft Products and Services Data Protection Addendum (DPA)” and states that data processing and security terms are governed by it.
No Training: Partially
For Copilot/AI features in Dynamics 365 and Power Platform, Microsoft documents that prompts, responses, and customer data are not used to train Microsoft or third-party models unless the user opts in to share their data. Beyond this AI-related documentation, the website does not specify a general, product-wide exclusion for every conceivable use of data.
Open Source / Transparency Path: Partial
A transparency path is partially in place because Microsoft documents Power Fx as open source. However, for MS Power Apps as a whole, the website does not mention a complete open-source release or self-hostable core components.
Data Processing
MS Power Apps is documented on the website as a Microsoft cloud service within the Power Platform. Data is processed in Power Platform environments; environments can be assigned to a specific geographic region. Microsoft describes global data centers, replication within a specific geographic region for resilience, and EU/EFTA data processing within the framework of the EU Data Boundary. Hybrid connections to local systems are possible via the On-Premises Data Gateway. For Copilot/AI features, Microsoft states that processing occurs in Azure and that the non-use of customer data for model training—without requiring opt-in—is governed by contractual and documentary provisions.
Conclusion
For a European tool directory, MS Power Apps cannot be generally considered fully GDPR-compliant, but it can be used under certain conditions with proper documentation. The best available approach is deployment with a tenant and environments within the EU Data Boundary or an appropriate EU/EFTA geo, supported by a DPA/AVV, governance settings, and careful monitoring of connected services. Because on-premises deployment is not documented and Microsoft itself cites exceptions and configuration dependencies, the overall assessment is conditional.
Sources
- https://www.microsoft.com/en-us/power-platform/products/power-apps/
- https://learn.microsoft.com/en-gb/power-platform/admin/wp-compliance-data-privacy
- https://www.microsoft.com/en-us/trust-center/privacy
- https://www.microsoft.com/en-us/trust-center/privacy/data-location
- https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn
- https://www.microsoft.com/en/trust-center/privacy/european-data-boundary-eudb
- https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1
- https://learn.microsoft.com/en-us/power-platform/admin/powerapps-privacy-export-dsr
- https://learn.microsoft.com/en-us/power-platform/admin/governance-considerations
- https://learn.microsoft.com/en-us/power-platform/admin/about-lockbox
- https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/gateway-reference
- https://learn.microsoft.com/en-us/power-platform/admin/wp-onpremises-gateway
- https://learn.microsoft.com/en-us/dynamics365/transparency-note-copilot-data-security-privacy
- https://learn.microsoft.com/de-de/power-platform/faqs-copilot-data-security-privacy
- https://www.microsoft.com/en-us/power-platform/blog/2021/11/02/power-fx-open-source-now-available/
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Very broad low-code spectrum from drag-and-drop to custom code. | • The Developer Plan is explicitly for development and testing, not intended as a regular production license. |
| • Strong Microsoft integration including Dataverse, Microsoft 365, Dynamics, Power Platform, and connectors. | • The Basic/Dataverse base capabilities included in some Microsoft 365 licenses are not sufficient for standalone custom apps or premium connectors. |
| • Governance, DLP, audit, and admin features for enterprise rollouts. | • Licensing is comparatively complex because Premium, Pay-as-you-go, AI Builder Credits, Copilot Credits, and legacy/per-app scenarios interact. |
| • Hybrid connection of local data sources via gateway. | • No true self-hosting of the platform; local systems are connected, but the app platform itself remains Microsoft SaaS. |
| • Free Developer Plan for development and testing. | • In certain GenAI/Bing/cross-region scenarios, additional data protection and approval reviews are required. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
From the perspective of a user in Europe, using MS Power Apps in compliance with the GDPR is generally possible, but it depends on specific configurations and contractual arrangements. The Microsoft website provides a DPA, information on subprocessors, data residency options for Power Platform, and the EU Data Boundary for Power Platform. At the same time, Microsoft itself points out that data can be replicated within a selected geo, that certain user actions may expose data outside the geo, and that classification within the EU Data Boundary depends on tenant and environment deployment.
Positive
Positive aspects include the published Microsoft Products and Services Data Protection Addendum (AVV/DPA), the documented subprocessor structure, the ability to choose a data location or geo for Power Platform, the EU Data Boundary for Power Platform, and documented data subject rights and export functions. For Copilot/AI features, Microsoft also documents that customer data is not used to train Microsoft or third-party models unless the customer opts in to data sharing.
Negative
A negative or limiting aspect is that GDPR-compliant use does not automatically follow from standard use. Microsoft itself describes limited exceptions for transfers outside the EU Data Boundary, the dependency on billing address, tenant geo, and environment deployment, as well as the possibility that users or connected services may expose data outside the geo. The website does not specify whether Power Apps is available as a fully local deployment as a complete product.
Server Location
Microsoft lists several global data centers and geographic locations for the Power Platform. For EU/EEA-relevant use, Microsoft specifies the EU Data Boundary with data centers in EU and EFTA countries, including Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland, Spain, Sweden, and Switzerland. According to the website, the specific assignment for Dynamics 365 and Power Platform depends on the billing address as well as the deployment of the tenant and all environments within a geo location inside the EU Data Boundary.