Privacy Policy

Effective date: 2026-06-20
Operator: Per My Last Webhook, LLC (REPLACE-ME — your registered business address)
Contact: hello@permylastwebhook.com

1. Who this applies to

This policy describes the data that DevOps Connector ("the Service") collects when your Microsoft 365 organization installs and uses it. The Service is operated by Per My Last Webhook, LLC.

If you have not installed the Service into your Microsoft 365 tenant, this policy does not apply to you.

2. What we collect

The Service is a webhook relay: pipeline events from your CI tools enter on one side, adaptive cards land in Microsoft Teams on the other. To do that we process and store the following.

2.1 Tenant and identity data

Data	Source	Why we have it
Microsoft Entra tenant id	Bearer token `tid` claim	Multi-tenant scoping; ensures one customer cannot see another's data
User principal name (UPN) of the admin who installed the Service	Bearer token `preferred_username`	Audit log attribution for sensitive actions
Admin consent timestamp and consenting user	Entra `/adminconsent` callback	Proof that an authorized admin granted access

We do not collect names, email addresses (beyond the UPN, which usually contains one), phone numbers, or any other personal data about end-users.

2.2 Subscription configuration

For each subscription an admin creates, we store:

A user-supplied subscription name (free-form, e.g. #builds-team-a).
The Microsoft Teams Workflows webhook URL encrypted at rest in Azure Key Vault. We never log it in plaintext and never expose it through any API endpoint after creation.
Optional filters: which pipelines to allow, which statuses to forward, an optional approver list.
The set of CI platforms enabled.

2.3 Build event metadata

When a CI pipeline emits an event, the Service receives a payload describing the event (repository name, branch, commit SHA, author, status, build URL, log URL). The Service:

Posts an adaptive card to your Teams channel using that data.
Discards the payload after a successful post. We do not persist build event payloads.

The only event-related data we keep is an entry in the audit log (see 2.5).

2.4 Bot Framework data (only if you enable the bot)

If you install the optional Bot Framework integration, we additionally store:

Teams channel ids and conversation references for channels where the bot is added.
Activity ids of cards the bot has posted, to support in-place updates.

These records persist for the lifetime of the installation and are deleted on uninstall (see 7).

2.5 Audit log

Every mutation on the management plane (creating, editing, deleting a subscription; approving or rejecting a deployment) is appended to an audit log entry containing: the actor's UPN or "host-key", the action name, the affected entity id, the source IP, and a timestamp.

Audit entries are stored for 90 days then automatically deleted by Cosmos DB TTL.

2.6 Billing data (only if billing is enabled)

If your tenant subscribes to a paid plan via Stripe:

We store your Stripe customer id and the plan tier.
We do not store your credit card number, CVV, or any other payment instrument. Stripe handles all payment data directly; we only receive identifiers and lifecycle events.

2.7 Operational telemetry

The Service emits standard application telemetry (request paths, status codes, durations, error stack traces) to Microsoft Application Insights. Personal data is not intentionally written to telemetry. If a stack trace incidentally contains a user id, it remains subject to the same access controls as everything else.

3. What we do not collect

Source code.
The contents of your repositories.
Pipeline secrets (e.g. GITHUB_TOKEN, AZURE_CREDENTIALS). These may transit the Service as part of a webhook payload, but are not persisted.
Personal data about end-users of your CI system beyond what appears in event metadata (typically a username and an avatar URL).
Cookies, beyond a single session cookie used by the admin UI for sign-in state.

4. How we use the data

We use the data above solely to:

Deliver adaptive cards to your Teams channels.
Authenticate you when you sign in to the admin UI.
Enforce per-organization rate limits to protect the Service.
Provide an audit trail of who changed what.
Bill you if you are on a paid plan.

We do not sell data. We do not share data with advertisers. We do not train AI models on your data.

5. Sub-processors

The Service runs on third-party infrastructure. The following sub-processors necessarily receive your data:

Sub-processor	Purpose	Data shared
Microsoft Azure	Compute, storage, secrets, telemetry	All Service data
Microsoft Teams / Bot Framework	Delivery channel	Channel id, card payload
Microsoft Entra ID	Authentication	Tenant id, UPN
Stripe (if billing enabled)	Payment processing	Stripe customer id, plan tier, plan lifecycle events

We do not engage additional sub-processors without updating this policy.

6. Where the data lives

Service data is hosted in East US (eastus) (Microsoft Azure). Disaster-recovery backups, when present, remain within the same geography.

If you require data residency in another region, contact us at hello@permylastwebhook.com.

7. Retention and deletion

Data class	Retention
Subscriptions, installations, bot channels	Until you delete them, or until the installation is removed
Approvals	30 days (auto-deleted by Cosmos DB TTL)
Audit log entries	90 days (auto-deleted by Cosmos DB TTL)
Build event payloads	Discarded immediately after delivery
Telemetry	90 days (Application Insights default)
Stripe records	Until the customer record is deleted via Stripe

Uninstalling the Service deletes all subscription, installation, and bot-channel records for your tenant within 30 days. Audit and telemetry continue to expire by TTL as above. To request immediate deletion of all data, contact hello@permylastwebhook.com.

8. Your rights

Depending on where you are based, you may have the right to:

Access the data we hold about you.
Correct inaccurate data.
Delete your data.
Object to processing.
Receive a portable copy of your data.

To exercise any of these rights, email hello@permylastwebhook.com. We respond within 30 days. We may require proof that the request comes from an authorized admin of the affected tenant.

9. Security

All secrets (Workflows webhook URLs, API key hashes, Stripe keys) are stored in Azure Key Vault with managed-identity access only.
Management endpoints require Microsoft Entra Bearer tokens validated against the multi-tenant JWKS endpoint.
Per-organization rate limits prevent enumeration and abuse.
HTTPS is mandatory; HTTP requests are rejected by Azure Front Door.
Audit log entries are append-only.

We follow standard secure-development practices but make no warranty of perfect security. Report security issues to security@permylastwebhook.com.

10. Children

The Service is not directed at children under 16 and we do not knowingly process their data.

11. International transfers

If you are based outside the State of Delaware, USA, your data is transferred to and processed in the Azure region listed in section 6. We rely on Microsoft's Standard Contractual Clauses for cross-border transfers within the Microsoft cloud.

12. Changes to this policy

We will update this policy when our practices change. The Effective date at the top of this page reflects the most recent revision. Material changes will be announced in the admin UI at least 30 days before they take effect.

13. Contact

Per My Last Webhook, LLC
REPLACE-ME — your registered business address
hello@permylastwebhook.com

For data-protection-specific inquiries: privacy@permylastwebhook.com