Privacy Policy
What We Collect:
- User Data from Azure Entra ID: We utilize the Microsoft Graph API to access user data from Azure Entra ID for managing access control within your enterprise environment. This data may include user names, job titles, company email addresses, and department information.
- Service Usage Data: Information on how you use our services, including usage patterns and preferences.
- Cookies and Similar Technologies: We collect data through cookies and similar technologies, capturing information such as IP addresses, browser types, and session details.
How We Use It:
- Service Delivery: To provide role-based access control services in accordance with your enterprise's requirements.
- Service Improvement: To analyze service quality and user experience with the aim of improving our offerings.
- Communication: To keep administrators informed about their accounts, our services, and any updates to this policy.
Legal Basis for Processing
We process data based on the following legal grounds:
- The processing is necessary for the performance of a contract to which our enterprise customer is a party.
- Compliance with legal obligations.
- The user's consent for specific processing activities.
- Our legitimate interests, such as improving our services and ensuring their security.
Data Minimization
We access and process only the data necessary to provide and improve our services. The data collected via the Microsoft Graph API is limited to what is required to fulfill our role-based access control and other service functionalities.
Data Controller and Data Processor Roles
In most cases, the enterprise customer acts as the data controller, determining the purposes and means of processing user data. ITSM Autopilot acts as a data processor, processing data on behalf of the enterprise customer in accordance with their instructions and our contractual obligations.
User Rights and Data Protection
Users have the right to:
- Access the information held about them.
- Request correction of inaccurate data.
- Request deletion of their data under certain conditions.
- Object to or restrict processing of their data.
- Request data portability.
Data Security
We employ a variety of security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Data transmitted between our servers and your browser is encrypted using Transport Layer Security (TLS).
- Access Controls: We restrict access to your data to authorized personnel only.
- Network Security: We utilize firewalls and other network security protocols to protect data from unauthorized access.
- Regular Security Audits: Our security protocols and systems are subject to regular audits to ensure ongoing protection of your data.
Data Sharing and Transfers
We may share personal data with third-party service providers, including cloud hosting providers, payment processors, analytics services, and customer support tools, solely for the purpose of operating our services and conducting our business. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect the rights and freedoms of individuals.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period may vary depending on the nature of the data and the purpose for which it was collected. When we no longer need to process your personal data, we will securely delete or anonymize it.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our service and hold certain information. You have the option to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.
Third-Party Data Processing (OpenAI)
When the Customer configures AI agents, ticket data is sent to OpenAI's API using the Customer's own API key. This means: (a) the Customer has a direct data processing relationship with OpenAI; (b) ITSM Autopilot does not control how OpenAI processes this data; (c) the Customer should review OpenAI's data usage policies at openai.com/policies; (d) ITSM Autopilot applies PII masking before sending data to AI models where configured. ITSM Autopilot does not store, sell, or share ticket data with any third party beyond what is necessary for the Customer's configured automations.
Data Retention
Ticket activity logs are retained for as long as the Customer's account is active. Knowledge base articles created by AI agents are retained until manually deleted by the Customer. Upon account termination, all Customer data, including ticket logs, knowledge articles, agent configurations, and encrypted credentials, is permanently deleted within 30 days.
Cookies and Analytics
ITSM Autopilot uses essential cookies for authentication and session management only. We do not use tracking cookies, advertising cookies, or third-party analytics services. No personal data is shared with advertising networks.
Policy Updates
We reserve the right to modify this Privacy Policy at any time. Any significant changes will be communicated to you via email or a prominent notice on our website. We encourage users to frequently check this page for any updates to stay informed about how we are protecting the personal information we collect. Your continued use of the website after any modifications to this Privacy Policy will constitute your acknowledgment of the changes and your consent to abide and be bound by the modified Privacy Policy.