Data access / security for Org Chart

I understand that the org chart is entirely client side. I was wondering if the access is determined by the logged in user. So if a user is not given permissions to view users, would they have no results in the org chart? I assume that this would be the case as everything else in SharePoint, but wanted to make sure it wasn't running under the credentials of the user who uploaded it to the App Catalog, for example.

As a developer, I understand that it wouldn't really make any sense to do this, I'm looking for a statement of this for our security team.

Hello!

No, the user which views an Org Chart page or uploads the solution in App Catalogue (if he/she is allowed to do so at all) doesn't affect the displayed chart.

I would like to specify that my reply relates only to the case when Org Chart gets data from user profiles because, by default, they are available for all users. In the case of a SharePoint list data source, user permissions on it will affect the working of Org Chart.

Thanks, that makes sense. Somewhat related to this--do you have a SOC2 report available?

Unfortunately, the report is unavailable for now.