What data is collected
To operate the service we process: (i) registration data of the legal entity and the administrator (name, email, CNPJ); (ii) data of the connected Microsoft 365 tenant (tenant name, primary domain, list of users in monitoring scope); (iii) the contents of individual and group chats of monitored users, including text, attachments, images and shared files; (iv) platform usage metadata (logins, exports, administrative actions).
How data is protected
All communication between the customer and the platform uses TLS 1.2+ (encryption in transit). Data at rest lives in managed SQL Server hosted in Brazil (Oracle Cloud, São Paulo region). Internal access to the infrastructure is restricted by SSH key and audited. Each customer organization is isolated by automatic database query filters — one organization's data never appears for another.
Sharing and retention
We do not sell, rent or share customer data with third parties for marketing purposes. Subprocessors in use: Microsoft (Graph API, source of chat data), Stripe (payment processing), Oracle Cloud (hosting). When an account is closed, the history of chats, attachments and media is permanently deleted from our environment. Invoices and audit log are kept for the legal retention period required by Brazilian tax and regulatory law.