Legal
Privacy Policy
Last reviewed: May 2026 · Draft — to be reviewed by counsel before public launch.
Overview
This policy describes the data MSP License Tracker processes to provide Microsoft 365 license visibility for MSPs. It should be reviewed by qualified legal counsel before public launch.
Data we collect
We collect account details, authentication identifiers, workspace settings, Microsoft tenant IDs, tenant names, verified domains, license counts, SKU names, billing alerts, CSV export activity, and sign-in activity timestamps when Microsoft makes them available.
Microsoft data scope
We use Microsoft Graph permissions to read organization details, subscribed SKUs, assigned licenses, users, and sign-in activity for license review. We do not read mailbox contents, files, Teams messages, passwords, or payment card numbers.
Sub-processors
Current sub-processors include:
- VercelFrontend hosting and edge delivery
- RailwayPostgreSQL database infrastructure
- ClerkAuthentication and session management
- CloudflareDNS and email routing
- ResendTransactional email delivery
Stripe and analytics providers may be added before paid launch.
Retention
License snapshots and alerts are retained while the account is active. Removing a tenant deletes its local snapshots, inactive-user rows, and alerts. Cancelled accounts are deleted after a documented retention window.
Your rights
Depending on your jurisdiction, you may request access, correction, export, restriction, or deletion of personal data. Contact support@msplicensetracker.com for privacy requests.
Security
Microsoft refresh tokens are encrypted before storage using AES-256-GCM. Authentication is handled by Clerk. Access to application routes is restricted to signed-in users. See our Security page for a full overview.
Contact
Privacy and legal requests should go to support@msplicensetracker.com.