This policy explains how Glow Cloud Solutions, a sole trader (Mark Berry) ("we", "us"), the data controller for SharePoint Directory (a SharePoint Kit product), handles personal data. We collect as little as possible.
1. What we collect
- Contact form: the name, email and message you submit (handled by our form provider, Web3Forms, and delivered to our mailbox).
- Website analytics: anonymised usage statistics via Google Analytics, set only if you consent to analytics cookies. You can decline or withdraw at any time.
- Sign-in: when you sign in to the customer portal with Microsoft, we receive your name, email and tenant ID from Microsoft to authenticate you.
- Licensing: to validate your subscription we store your Microsoft 365 tenant ID and billing email. We do not store your SharePoint or directory content.
- Billing: payments are processed by Lemon Squeezy (our merchant of record, via SharePoint Kit). We do not receive or store your card details.
2. Data the app accesses in your tenant
The SharePoint Directory web part runs inside your own Microsoft 365 tenant and reads people and presence through Microsoft Graph as the signed-in user, using just two read-only scopes (User.Read.All and Presence.Read.All). That data stays in your tenant; we do not receive, proxy or store it. Personal extras such as birthdays and the self-service "Your info" fields are opt-in and stored in your own tenant.
3. How we use data
- To provide and validate the service (licensing).
- To respond to your enquiries.
- To understand site usage in aggregate and improve our content.
Our legal bases are performance of a contract and our legitimate interest in running and improving the service.
4. Sharing
We use a small number of processors to run the service:
- Cloudflare - hosting and security.
- Google - website analytics (set only with your consent).
- Lemon Squeezy - checkout, billing and tax (via SharePoint Kit).
- Microsoft - sign-in (the data the app reads stays in your own tenant).
- Web3Forms - contact-form delivery.
We do not sell personal data.
5. Retention
We keep licensing and contact data for as long as needed to provide the service and meet legal obligations, then delete it.
6. Your rights
Subject to applicable law (including UK/EU GDPR) you may request access to, correction of, or deletion of your personal data, and may object to certain processing. To exercise these rights, email hello@sharepointkit.com.
7. International transfers
Our processors may handle data outside the UK/EU under appropriate safeguards.
8. Cookies and your choices
This site uses only a small number of cookies and local storage. Strictly necessary items are always active; analytics cookies are set only if you allow them, and none are placed before you consent. You can change or withdraw your choice at any time using the cookie-settings cog in the bottom-left corner of any page.
- spd_consent - remembers your cookie choice. Strictly necessary; stored in your browser's local storage, not sent to us. Persists until you clear it.
- _ga - Google Analytics, distinguishes visitors (anonymised). Set only with your consent. Expires after 13 months.
- _ga_<id> - Google Analytics, keeps session state during your visit. Set only with your consent. Expires after 13 months.
Analytics is provided by Google with IP anonymisation. If you withdraw consent, we stop using analytics and delete the Google Analytics cookies from your browser. The customer portal uses a single essential cookie to keep you signed in.
9. Contact
Privacy questions: email hello@sharepointkit.com or contact us.
This document is a general template and not legal advice. Have it reviewed by a qualified solicitor/DPO before relying on it.