Privacy Policy
Last updated: July 2026
This policy explains what data LicenSweep ("the Service") accesses, stores, and how it's used.
1. What we access
When your administrator connects your Microsoft 365 tenant, the Service reads, via Microsoft Graph:
- Purchased and consumed license counts (subscribedSkus)
- The Microsoft 365 activity usage report, which includes user principal names or anonymized identifiers (depending on your tenant's reporting privacy settings) and last-activity dates per service
We do not access email content, file content, Teams messages, calendar data, or any data beyond license assignment and activity timestamps.
2. What we store
We store your tenant ID and connection status in our database so the Service knows which tenant to query on your behalf. We do not store the full activity report or user-level data persistently — it's fetched fresh from Microsoft Graph each time you view your dashboard.
3. What we don't store
We never receive, request, or store your Microsoft 365 password or any user's login credentials. Authentication to your tenant happens entirely through Microsoft's own OAuth consent flow, using an application-level token — no user credentials pass through our systems at any point.
4. Payment information
Billing is processed by a third-party payment processor (Stripe). We do not store your card details on our own servers.
5. Data sharing
We do not sell, rent, or share your tenant's data with third parties, except as required to operate the Service (e.g., our cloud hosting provider) or as required by law.
6. Data retention and deletion
You can delete the tenant record stored by the Service using the disconnect control in the dashboard. Revoking the enterprise application separately in Microsoft 365 prevents future Graph access. Contact support using the address published by the Service operator for assistance.
7. Security
Data in transit is encrypted via HTTPS/TLS. Access tokens used to query Microsoft Graph are requested fresh for each session and are not persisted to disk.
8. Changes to this policy
We may update this policy periodically. Material changes will be reflected with an updated "Last updated" date above.
9. Contact
Before public launch, the Service operator will publish its legal name, postal address, and monitored privacy-support email here.
This is a general-purpose template and is not a substitute for advice from a qualified attorney, particularly regarding GDPR, CCPA, or other regional data-protection requirements that may apply to your customers.