Privacy policy

This policy describes privacy topics that commonly apply to PAnalytics when used for Microsoft 365 analytics and related reporting. Your organization's administrator configures what is measured, how long data is kept, and which integrations are enabled. If this policy conflicts with your organization's privacy notice, internal policy, or data processing agreement, those documents take precedence for your deployment.

Who is responsible

PAnalytics is typically operated by your organization (or a host acting as processor on its behalf). That operator acts as the controller for configuration choices and for any workforce notices your jurisdiction requires. Privion provides software and implementation guidance; it is not the controller for customer-operated instances unless expressly contracted.

What PAnalytics can measure

Depending on configuration, PAnalytics may process analytics and usage signals related to Microsoft 365 services — for example activity summaries and reports synchronized via Microsoft Graph, and, where you implement client-side or gateway measurement, SharePoint Online traffic patterns similar to other web analytics (pages, navigation, technical metadata).

Some Microsoft reports return limited or aggregated identifiers when your tenant’s privacy settings restrict detail; PAnalytics reflects what Graph and your measurement layer provide — it does not fabricate identifiers that Microsoft withholds.

Workforce and directory attributes (strictly opt-in)

Employee-related information such as work e-mail, job title, department, or similar directory fields is not collected by default. Where your organization deliberately enables options that attach such attributes to events or reports, that processing happens only because your administrators turned those features on and determined an appropriate lawful basis, workforce transparency, and any required consent or collective agreements. Disable those options to stop that category of processing.

Cookies, device data, and logs

Browser measurement may use cookies or comparable storage to distinguish visitors, subject to your tracker settings (for example anonymization of IP addresses, cookie consent banners, and custom dimensions). Server and infrastructure logs may exist where the application is hosted; retention and access controls are set by your operator.

Retention & security

Retention schedules, encryption, backups, and access roles are chosen in your environment. Follow your organization’s records-management and security standards.

International transfers

Data resides where you deploy the application and connect Microsoft 365. Cross-border transfers, if any, should be addressed in your organization’s transfer assessments and agreements.

Your rights

Individuals should contact their employer or tenant administrator to exercise access, correction, deletion, restriction, objection, or portability rights under applicable privacy law. Privion field teams can help your organization design compliant configurations; use the Privion contact form for service inquiries.

Changes

We may update this page to reflect product or regulatory developments. The “Last updated” date at the top shows the latest revision for this general template.