Updated: February 26, 2024
This privacy policy is an extension of the Master Privacy Policy and covers some specific practices in Plumsail Org Chart.
In Short: In a few specific cases.
Plumsail Org Chart is a SharePoint Framework webpart. It displays organizational structure on SharePoint pages or Microsoft Teams tabs. The data is loaded directly from Microsoft APIs within the Microsoft 365 tenant and doesn’t require transfer to Plumsail servers in most cases. For instance, the visualization of Org Chart, PDF/PNG printing, and CSV export features do not require data transfer to our servers and work purely in the browser.
There are only two cases when data leaves the Microsoft 365 tenant:
License verification - The web part verifies if a license is active for the current Microsoft 365 tenant. SharePoint domain URL is sent to Plumsail API.
Multi-page PDF report generation - The user decided to create a multi-page PDF report. Generation of multi-page PDF report involves conversion of data into PDF file that is impossible without server-side logic.
Note
It is possible to disable the multi-page PDF report generation feature for your tenant. In this case, no data except license verification requests will leave your Microsoft 365 domain. For more details, please refer to the article.
Data required for report generation is sent to our servers for PDF report conversion. We don’t store your data longer than it is required to generate a report. All data is sent through an encrypted SSL connection. The cache is encrypted with 256-bit AES encryption.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any data we process. Our source code repositories are regularly scanned for security issues and our network is protected by a firewall. Our APIs are scanned on a regular basis for security holes and known vulnerabilities. Production environments are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
Plumsail Org Chart architecture document can be found in our Trust Center
Yes, Plumsail Org Chart for Microsoft 365 is GDPR compliant. We have implemented measures to protect your data, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information. The Data Processing Agreement that includes Standard Contractual Clauses can be found in our Trust Center.
The app is deleted from your SharePoint tenant. Local storage data can be cleared manually in your browser.