Get Started

Privacy Policy

Teams Short Link Manager

Last updated: April 2026

This Privacy Policy describes how BrandExio ("we", "us", "our") collects, uses, and protects information when you use the Teams Short Link Manager application ("the Application").

1. Deployment Model

The Application is deployed as an Azure Managed Application on your organization's own Microsoft Azure subscription. All data, including user information, short links, click analytics, and configuration, is stored exclusively within your Azure subscription and tenant. We do not host, store, or have access to your data.

2. Information Stored in Your Azure Subscription

The following data is stored in your organization's Azure infrastructure:

  • User data — email addresses and display names (for authentication and user management)
  • Short link data — URLs, targets, suffixes (for the URL redirection service)
  • Click analytics — IP address, country, city, region, browser, device, OS, ISP, referrer (for link performance analytics)
  • Azure AD credentials — Client ID, Tenant ID, Client Secret (encrypted with AES-256-GCM)
  • Audit logs — security and compliance tracking
  • Session data — authentication sessions (stored in Azure Redis Cache)

3. Information We (the Publisher) Collect

We do not collect, access, transmit, or store any of your organization's data. Specifically:

  • We have no access to your database, Redis cache, or application data
  • We do not receive analytics, telemetry, or usage data from your deployment
  • We do not track individual users of your deployment
  • We do not have access to your Azure AD credentials or tokens

Our access to your managed resource group is limited to operational management only — specifically, updating the container application images when new versions are released.

4. Third-Party Services

Microsoft Azure — The Application runs on Microsoft Azure infrastructure within your subscription. See: Microsoft Privacy Statement.

Microsoft Entra ID (Azure AD) — Authentication is handled through Microsoft Entra ID with the following permissions: email, openid, profile, User.Read (delegated), and Mail.Send (application — for notification emails).

ip-api.com — When a short link is clicked, the Application uses ip-api.com to determine approximate geographic location based on the visitor's IP address. Results are cached in your Azure Redis Cache.

5. Data Encryption and Security

  • Encryption at rest — Sensitive configuration fields encrypted using AES-256-GCM
  • Encryption in transit — All connections use TLS 1.2 or higher
  • Authentication — Microsoft Entra ID with mandatory Multi-Factor Authentication (MFA) enforced at the protocol level
  • Authorization — Role-based access control with granular permissions
  • Audit trail — Comprehensive logging of 30+ event types with user attribution

The Application has been mapped against ISO 27001:2022 controls. Of 49 applicable controls, 27 are fully implemented and 11 are partially implemented at the application level.

6. Data Retention

Data retention is controlled entirely by your organization. Since all data resides in your Azure subscription, you can delete it at any time by removing the resource group or individual resources. Users are soft-deleted to preserve audit trails, with configurable retention policies.

7. Data Sharing

The Application does not share your data with any third party, except:

  • ip-api.com — visitor IP addresses for GeoIP lookup
  • Microsoft Graph API — notification emails sent through Microsoft's infrastructure using your organization's Mail.Send permission

No data is sold, rented, or shared for advertising or marketing purposes.

8. Your Rights

Since your organization controls all data in its own Azure subscription, your IT administrator can: access, export, or delete any data; review audit logs; remove the Application entirely; and revoke Azure AD permissions at any time.

9. Changes to This Policy

We may update this Privacy Policy when we release new versions of the Application. Changes will be posted on this page with an updated date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: privacy@brandexio.com