Privacy Statement

This statement covers:

• Website visitors
• Business contacts (prospects/customers/partners)
• Product users (administrators and end users interacting with our web parts)
• Service engagements (consulting/development/support)

Where we process personal data on behalf of a Customer within a Microsoft 365 tenant, the Customer is typically the controller and Incode acts as a processor.

Depending on how you interact with us, we may collect:

• Contact & business information: name, email, phone, job title, organization, billing details.
• Support and communications: messages, attachments, tickets, call notes.
• Website and device data: IP address, browser type, pages viewed, cookies, and similar technologies.
• Product telemetry (optional/limited): diagnostics and usage events such as timestamps, correlation IDs, error messages, feature usage counts, tenant/site identifiers in a minimal form (e.g., site origin), and license status signals (e.g., plan type, validity window).
• Customer tenant data (only if applicable): when providing services or when a product feature requires it, we may access configuration or content only to the extent authorized and required.

We do not intend to collect special categories of personal data (e.g., health, religion). Please do not send it unless necessary.

We use information to:

• Provide and improve our Offerings (including debugging, reliability, and security).
• Provision, validate, and manage licensing/entitlements (including trial/full status and expiry).
• Respond to inquiries and provide support.
• Deliver consulting/development services and fulfill contracts.
• Comply with legal obligations and enforce agreements.
• Prevent fraud, abuse, and security incidents.

Depending on jurisdiction (e.g., GDPR/UK GDPR), we rely on:

• Contract (to deliver products/services you request)
• Legitimate interests (security, product improvement, fraud prevention)
• Consent (for certain cookies/marketing where required)
• Legal obligation (tax, accounting, lawful requests)

We may share information with:

• Service providers/processors (hosting, analytics, support tooling) under contract.
• Microsoft as part of using Microsoft 365/Entra/Azure platform capabilities (subject to Microsoft’s terms).
• Professional advisors (legal/accounting) as needed.
• Authorities if required by law.

We do not sell personal information.

We retain information only as long as needed for the purposes described, including:

• Contract and support needs
• Security and audit requirements
• Legal/financial obligations

We will delete or de-identify data when no longer needed, subject to backups and legal constraints.

We may process data in countries other than where you reside. Where required, we use appropriate safeguards (e.g., standard contractual clauses) to protect transferred data.

We use reasonable safeguards such as access controls, least privilege, encryption in transit where available, logging, and secure development practices. No system is perfectly secure.

Our website may use cookies and similar technologies for:

• essential functionality
• performance and analytics
• preference storage
• marketing (where enabled)

You can control cookies via browser settings and, where required, our cookie consent mechanism.

For SPFx web parts and similar solutions:

• Data is generally processed within the Customer’s Microsoft 365 environment.
• If our product calls a backend API we host (e.g., for licensing validation), we aim to send only minimal necessary information (e.g., product key, tenant/site origin, diagnostic IDs).
• We recommend Customers avoid sending content payloads or personal data to licensing endpoints unless absolutely necessary.

Depending on location, you may have rights to:

• access, correct, delete, or obtain a copy of your data
• object or restrict processing
• withdraw consent (where applicable)
• lodge a complaint with a regulator

If you are an end user in a Customer tenant, you may need to direct certain requests to your organization (the controller).

Our Offerings are intended for business use and not directed to children.

We may update this statement. The “Last updated” date will reflect changes.

Privacy questions or requests: support@incodesoftwaresolutions.com.