Privacy Policy
Effective Date: 16 April 2026
1. Information We Collect
Account Information
- Name
- Email address
Tenant Data (Microsoft 365)
- User identities
- Roles and permissions
- Security configurations
We do NOT access:
- Email content
- Files or documents
2. Usage & Diagnostic Data
We may collect limited usage and diagnostic data such as:
- Error logs
- Remediation activity logs
- System performance data
This is used to improve the service.
3. How We Use Data
We use data to:
- Analyze security posture
- Generate findings and reports
- Provide remediation recommendations
4. Data Storage & Security
- Tokens are securely stored and encrypted
- We do not store passwords
- Access is restricted using role-based controls
5. Data Retention
We retain data while your account is active. After tenant disconnection or account deletion:
- Data is deleted within 30 days
- Backups may persist for up to 60 days
6. Tenant Disconnection
When a tenant is disconnected:
- Access tokens are revoked
- Data is scheduled for deletion per retention policy
7. Data Sharing
We do NOT sell your data. We may share data with:
- Hosting providers
- Database providers
- Infrastructure services
8. Cookies
We use secure, HttpOnly cookies for authentication and session management. These cookies are not accessible via client-side scripts.
9. Data Residency
Data is currently hosted using cloud infrastructure providers (e.g., Railway, Vercel). Exact hosting regions may vary.
10. Children's Data
We do not knowingly collect data from individuals under 18.
11. Your Rights
You may:
- Request data deletion
- Disconnect your tenant
12. Changes
We may update this policy periodically.