BridgeTenant

Privacy Policy

Last updated: February 2026

1. Introduction

BridgeTenant ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security assessment and pre-migration analysis services for Microsoft 365 tenants.

2. Information We Collect

2.1 Account Information

When you create an account via social login (Microsoft, Google, LinkedIn, GitHub, or Apple), we collect:

  • Name and email address (provided by your identity provider)
  • Company name and country (provided during onboarding)
  • Billing information (processed securely by our payment provider)

We do not store passwords. Authentication is fully delegated to external identity providers via federated social login.

2.2 Microsoft 365 Tenant Data

When you connect a tenant for assessment, we collect configuration data through Microsoft Graph API with read-only permissions. This includes:

  • User counts and group structures (no personal user data)
  • Security policies and configurations
  • License assignments and service plans
  • Mail flow rules and connector settings
  • SharePoint and OneDrive settings
  • Teams policies and configurations

Important: We never modify, delete, or alter any data in your Microsoft 365 environment. Our access is strictly read-only.

2.3 Usage Data

We automatically collect certain information about your use of our service:

  • Pages visited and features used (via Plausible Analytics - no cookies, no personal tracking)
  • Assessment history and report downloads
  • Country and device type (aggregate, anonymous data only)

2.4 Feedback Data

When you submit feedback through our feedback form, we collect:

  • Feedback category and message content
  • Email address (if voluntarily provided)
  • Page URL where feedback was submitted

Feedback data is used solely to improve our platform and is not shared with third parties.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our services
  • Generate security assessment reports
  • Send service notifications and updates
  • Process billing and payments
  • Improve our platform and develop new features
  • Comply with legal obligations

4. Data Storage and Security

4.1 Storage Location

Your data is stored in the region you select during tenant registration (EU, US, UK, or other available regions). Assessment data is stored on secure Azure infrastructure with encryption at rest and in transit.

4.2 Security Measures

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Role-based access controls
  • Multi-factor authentication

5. Data Retention

Assessment data is retained for the duration of your active subscription plus 30 days. After subscription cancellation or account deletion, all tenant-specific data is permanently deleted within 30 days. Anonymized, aggregated analytics data may be retained for service improvement purposes.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Cloud hosting (Microsoft Azure), payment processing, and email delivery services
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact us at privacy@bridgetenant.com.

8. Cookies and Browser Storage

BridgeTenant uses localStorage (not cookies) for authentication tokens. We do not set any tracking cookies. For analytics, we use Plausible Analytics, a privacy-friendly service that does not use cookies and does not track individual users. No personal data is collected or shared with third parties through our analytics. See our Cookie Policy for details.

9. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or prominent notice on our website. Continued use of our service after changes constitutes acceptance.

11. Data Controller

The data controller for BridgeTenant is MIT Marcin Chrzest, a sole proprietorship registered in Poland (JDG).

For privacy-related questions or to exercise your rights:

Supervisory Authority

If you are in the EU and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.