officeatwork | Content Chooser for Office

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: October 17, 2019

General information

Information provided by officeatwork 365 to Microsoft:

| Information | Response |
| --- | --- |
| App name | officeatwork Content Chooser for Office |
| ID | WA104380602 |
| Office 365 clients supported | Excel for iPad, Excel 2016 for Mac, Excel Online, Word for iPad, Word 2016 for Mac, Word Online, Word 2013 Service Pack 1 or later, PowerPoint for iPad, PowerPoint 2016 for Mac, PowerPoint Online, PowerPoint 2013 Service Pack 1 or later, Excel 2013 Service Pack 1 or later, OneNote Online |
| Partner company name | officeatwork 365 |
| Physical address | Bundesplatz 12, 6300 Zug, Switzerland |
| URL of partner website | https://www.officeatwork365.com/ |
| URL of Privacy Policy | https://links.officeatwork.com/officeatwork-privacystatement |
| URL of Terms of Use | https://go.microsoft.com/fwlink/?LinkID=521715&omkt=en |
| Main telephone number | +41 41 544 7100 |
| Description of available licensing options, if any | Business; Enterprise; Government; NOP&NGO; Education; Personal (free) |
| Licensing contact | Roman Stalder (roman.stalder@officeatwork.com) |
| Licensing telephone number | https://links.officeatwork.com/officeatwork-buy |

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

Information provided by officeatwork 365 on how this app collects and stores organizational data, and what control an organization has over this data.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires, and for each, whether they are delegate or application permissions, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

| Permission | Delegated/Application | Justification/Purpose; Is any of this data stored in app database(s)? | Azure AD App ID |
| --- | --- | --- | --- |
| openid | Delegated | Used to enable sign in with an organizational and/or Microsoft Account. No data is stored. | 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 |
| User.ReadBasic.All | Delegated | Used to interactively read information about, add and remove the designated officeatwork administrators. Used to store the oid (object ID / User ID) of the designated officeatwork Administrators in an encrypted Azure Cosmos DB instance. Only officeatwork administration are able to configure the product settings. | 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 |
| profile | Delegated | Used to store the oid (object ID / User ID) of the designated officeatwork Administrators in an encrypted Azure Cosmos DB instance to capture who can perform administration tasks for the officeatwork subscriptions on a Microsoft 365 tenant basis. Each tenant has their own tenant document and access to that document is restricted to the corresponding tenant only. | 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 |
| openid | Delegated | Used to enable sign in with an organizational and/or Microsoft Account. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| profile | Delegated | Used to read the user’s oid (Object ID / User Id) for investigating support issues. Used to store the oid in AppInsights for support reasons. The AppInsights storage is only accessible by selected officeatwork engineering and support staff. The transfer of event data is encrypted. Each event in AppInsights will automatically be deleted after three months, including the oid for those events. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| offline_access | Delegated | Used to automatically re-sign-in the user when re-launching the product. This saves the user from having to manually sign-in to the product on every launch of the product. We do not use this permission other than to the user's convenience of automatically signing in the user. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| email | Delegated | Used to pre-populate the login hint in following authentication flows to enable the best possible authentication experience for users. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| User.ReadWrite | Delegated | Used to: A) read and write product-specific user settings for the convenience of the user. This will, for instance, allow the product to 'remember' the language setting the user has selected. So next time the user signs into the product the language will be set correctly. officeatwork does not store user settings of any kind on any of their own servers or services. B) help the user to identify the account they signed in with by displaying the name and photo of the account. C) read the first name, last name, and e-mail address of the user during the evaluation or free phase of the product so that we can connect, communicate and support the users during this phase. Used for unlicensed users only (evaluation or free) to store the first name, last name, and e-mail address in our marketing automation tool enabling us to offer the best possible evaluation support. Evaluation users that become licensed users will remain in our marketing automation tool. The marketing automation tool offers an opt-out link in each email communication. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| Files.ReadWrite.All | Delegated | Used for the ‘OneDrive Feature’ to interactively allow the user to find and load files from the user’s OneDrive. There are no processes in place that would read or write files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| Group.ReadWrite.All | Delegated | Used for the ‘Teams Feature’ to interactively allow the user to find and load files from the user’s Teams teams. There are no processes in place that would read or write files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| User.Read.All | Delegated | Used for the ‘Teams Feature’ to be able to determine in what Teams the user is a member of. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |
| Sites.Read.All | Delegated | Used for the ‘SharePoint Feature’ to interactively allow the user to find and load files from the user’s SharePoint Online document libraries. There are no processes in place that would read files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. | edb24f8f-38af-4b3e-9475-0da243678d5a |

Data access using other Microsoft APIs

Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational information. List any Microsoft APIs other than Microsoft Graph this app uses, and for each, the justification and purpose (what does the app use this information for?), and whether the app stores any of this information in its databases.

| Microsoft API | Justification/Purpose | Is any of this data stored in app database(s)? |
| --- | --- | --- |
| Exchange Web Services (EWS) | Interactively allow the user to find and load files from the user’s SharePoint Online document libraries in a way not yet available via the Graph. | The product does not store any data coming from SharePoint in the product’s databases. |

Non-Microsoft Services Used

If the app transfers or shares organizational data with non-Microsoft service(s), list the non-Microsoft service(s) the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

No data is transferred.

Add-in Data Access

List the permissions this app requires for accessing your organization's data, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

| Permission | Description |
| --- | --- |
| ReadWrite Document | Can read and make changes to your document |
| Send Data | Can send data over the Internet |

Telemetry data

Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appear in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.

Not specified.

Storing and securing organizational data

Describe where/how this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PAM), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.

Not specified.

Organizational controls for data stored by partner

Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.

Not specified.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational data that is collected or stored by this app?

Yes

Information from the Microsoft Cloud App Security catalog appears below.

Note

The information on this page is based on a self-attestation report provided by the app developer on the security, compliance and data handling practices followed by the app. Microsoft makes no guarantees regarding the accuracy of the information. Contact us if you believe information about an app is outdated.
