Privacy Policy

Last updated: 28 April 2026

1. Introduction

Tenantrix ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Microsoft 365 applications — including TeamBook Connected Org and Tenantrix Governance — as well as our website at tenantrix.io.

By installing or using any Tenantrix application or service, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

2. Information we collect

2.1 TeamBook Connected Org — data that stays in your tenant

TeamBook Connected Org is a SharePoint Framework (SPFx) web part that runs entirely inside your Microsoft 365 tenant. It reads employee data — display names, job titles, departments, office locations, profile photos, manager relationships, Microsoft Teams presence, and Out-of-Office state — directly from Microsoft Entra ID via the Microsoft Graph API using permissions your tenant administrator explicitly grants.

The application also reads from and writes to SharePoint lists inside your own SharePoint site to store extended profile data (bio, pronouns, skills, banner image), administrative configuration (departments, locations, app settings), and dotted-line relationships. These lists are auto-provisioned on first install and remain in your tenant under your administrative control.

None of the employee data above leaves your Microsoft 365 tenant. Tenantrix does not collect, copy, transmit, store, or process this data on our own servers or infrastructure.

The Microsoft Graph permissions requested are:

  • User.Read.All — read user profile information across the tenant
  • Group.Read.All — read Microsoft 365 group membership (defines who appears in the directory)
  • Presence.Read.All — read Microsoft Teams presence status
  • MailboxSettings.Read — read Out-of-Office automatic-reply settings
  • ProfilePhoto.Read.All — read user profile photos

All five permissions are read-only. The application cannot create, modify, or delete any data in Microsoft Entra ID or Microsoft 365 mailboxes. Writes happen only to the SharePoint lists in your own site, scoped to your tenant administrator's permission model.

2.2 TeamBook Connected Org — data that leaves your tenant

The application sends three minimal pieces of information to Tenantrix servers (Upstash Redis, EU region) for licence and usage management:

(a) Trial activation. When a tenant administrator clicks Start 14-day Trial inside the application, the following is recorded with the trial start timestamp:

  • Microsoft 365 tenant ID — to prevent multiple trials per tenant
  • Administrator email and display name — to contact them about activation and renewal
  • SharePoint site URL where the trial was started

Only the administrator who clicks the start button is identified — end users who later view the directory are not recorded. Trial records are retained for 30 days after expiry, then deleted unless a licence is purchased. They are never shared with third parties and are not used for marketing without explicit opt-in.

(b) Licence validation. When the application checks a licence key, we send and verify:

  • The licence key (validated against your purchase record)
  • Microsoft 365 tenant ID
  • SharePoint site URL — used only to enforce optional per-tenant key bindings

The validation result is cached client-side for 24 hours to reduce round-trips. No individual user data is sent during validation.

(c) Seat usage reporting. Every ~4 hours per active session, the application sends an aggregate headcount summary so we can verify usage against your purchased tier:

  • Microsoft 365 tenant ID
  • Product identifier and licensed tier (e.g. Starter / Growth / Enterprise)
  • Total number of employees visible in the directory at that moment
  • Timestamp

This is a count, not a list. No employee names, emails, photos, or any other individual data are transmitted — only the total. Each report overwrites the previous; no historical employee data is retained on our servers. The purpose is solely to compare your usage to the seat cap of your purchased tier so we can have accurate billing conversations.

2.3 Tenantrix Governance

Tenantrix Governance similarly operates within your Microsoft 365 tenant and accesses tenant configuration data through Microsoft Graph with permissions explicitly granted by your administrator. No governance or compliance data is stored outside your tenant.

2.4 Website visitors

When you visit tenantrix.io we may collect basic analytics data such as pages visited, browser type, and approximate location (country/region level). This is collected in aggregate and is not linked to any individual.

2.5 Contact and purchase enquiries

If you contact us, we collect the information you provide — typically your name, email address, and organisation name. We use this solely to respond to your enquiry.

If you purchase a licence, checkout is handled by Stripe. Stripe collects your name, email, billing address, and payment-method details directly. We receive only the information needed to issue your licence (name, email, organisation, the tier purchased, and Stripe's session identifier). Card numbers and other payment-card data never reach Tenantrix's servers — they are handled exclusively by Stripe under their PCI-DSS-compliant infrastructure. Stripe's privacy practices are governed by their own privacy policy.

3. How we use your information

Information we collect is used only for the following purposes:

  • Issuing and validating licence keys
  • Monitoring your usage against the seat cap of your purchased tier (so we can have accurate renewal and upgrade conversations)
  • Responding to enquiries submitted via the contact form
  • Processing purchases and renewals through Stripe
  • Improving the website experience based on aggregate analytics
  • Sending product updates or announcements if you have opted in
  • Complying with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data storage and security

Trial records, licence records, and aggregate seat-usage counts are stored in Upstash Redis (EU region) with TLS in transit and encryption at rest. Access is restricted to authorised Tenantrix staff using strong authentication.

Payment data is stored by Stripe (not by Tenantrix). Stripe is PCI-DSS Level 1 certified.

As noted above, employee data processed by our Microsoft 365 products is never stored by Tenantrix. It remains within your tenant and is governed by your own Microsoft 365 data residency and security settings.

5. Cookies

The tenantrix.io website may use cookies for basic analytics purposes. These are not used to identify individuals. You can disable cookies in your browser settings, though this may affect some functionality of the website.

6. Third-party services

The third parties that process information on our behalf are:

  • Stripe — payment processing and subscription billing (privacy: stripe.com/privacy)
  • Upstash — Redis storage for licence and trial records (EU region)
  • Vercel — hosting for tenantrix.io
  • Resend — transactional email delivery (licence-key emails, trial notifications)

Each third party processes data only as needed to deliver the service we use them for and is contractually bound to do so under appropriate data-protection terms.

Our Microsoft 365 products authenticate users through Microsoft Entra ID. Authentication is handled entirely by Microsoft and governed by Microsoft's privacy policies. Tenantrix does not receive or store passwords or authentication tokens.

7. Data retention

  • Trial records — retained for 30 days after trial expiry, then deleted unless a licence is purchased.
  • Licence records — retained for the duration of the active subscription plus 7 years for accounting/tax purposes (as required under EU law).
  • Seat-usage counts — only the most recent value is retained per tenant; previous values are overwritten and not archived.
  • Contact-form submissions — retained as long as necessary to respond, then deleted.
  • Payment records — retained by Stripe under their own retention schedule.

8. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Export your data in a portable format

To exercise any of these rights, please contact us using the details below.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us via the contact form on our website or email us at help@tenantrix.io.