Privacy Policy

Account information: name, email address, and password (stored hashed). We send email verification codes and, for Pro subscribers, monitoring alerts.

Tenant connection metadata: Microsoft tenant ID, domain, and display name after you grant admin consent. We do not store Microsoft credentials or long-lived access tokens.

Scan results: health scores, findings, remediation notes, and optional AI-generated remediation text cached per finding.

Billing: subscription status via Stripe. Payment card details are handled by Stripe, not stored on our servers.

Alert preferences: email and webhook URLs you configure for Pro monitoring.

Technical logs: standard server logs (IP address, user agent, timestamps) for security and troubleshooting.

We use your data to provide scans, dashboards, exports, billing, email verification, scheduled monitoring, and support. We do not sell your personal information.

Scan data is read from Microsoft Graph using application permissions you consent to. We use it only to produce reports and alerts for your account.

If you enable AI remediation, finding titles and descriptions may be sent to OpenAI to generate fix steps. Results are cached in our database.

We retain account and scan data while your account is active. Disconnecting a tenant removes connection and scan history for that tenant. Deleting your account permanently removes your user record and associated data from our systems.

We rely on service providers including hosting, Postgres database, Stripe (payments), email delivery (SMTP), Microsoft Graph (tenant data), and OpenAI (optional AI remediation). Each processes data under their own terms and only as needed to provide the service.

We use HTTPS, hashed passwords, read-only Microsoft access, and least-privilege application permissions. No system is perfectly secure; report concerns to us promptly.

Depending on your location, you may have rights to access, correct, or delete personal data. Use in-app account deletion or contact us. California residents may have additional rights under the CCPA.

We may update this policy. Material changes will be reflected by the "Last updated" date above.