LawToolBox Matters for Outlook, Teams & SharePoint

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: June 24, 2021

General information

Information provided by LawToolBox.com Inc. to Microsoft:

Information Response
App name LawToolBox Matters for Outlook, Teams & SharePoint
ID WA200003103
Office 365 clients supported Outlook 2013 or later on Windows, Outlook 2016 or later on Mac, Outlook on the web
Partner company name LawToolBox.com Inc.
URL of partner website https://www.lawtoolbox.com
URL of Privacy Policy https://www.lawtoolbox.com/privacy-policy/
URL of Terms of Use https://www.lawtoolbox.com/customersupport/2019/LawToolBox_...

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

This information has been provided by LawToolBox.com Inc. about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires.

Permission Type of permission (Delegated/ Application) Is data collected? Justification for collecting it? Is data stored? Justification for storing it? Azure AD App ID
Calendars.Read delegated this permission is restricted accessing the user’s contacts that they already have access to – we use this to allow users to retrieve their own calendar information [Optional] Read user's calendar. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Calendars.ReadWrite delegated this permission is restricted accessing the user’s contacts that they already have access to – we use this to allow users to retrieve their own calendar information and write to calendars To create calendar invite in to user's calendar. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Calendars.ReadWrite.Shared delegated this permission is restricted accessing the user’s contacts that they already have access to – we use this to allow users to retrieve their own calendar information To create calendar invite in to shared calendar. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Contacts.ReadWrite delegated this permission is restricted accessing the user’s contacts that they already have access to. We use this permission to allow user to search their O365 contacts and add to LawToolBox – we do not automatically add any contact (this can be revoked if you do not want this feature and contacts can be manually added [Optional]- to read user Contacts and connect users from contact list to group. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Contacts.ReadWrite.Shared delegated we use this permission to allow user to search shared O365 contacts and add to LawToolBox – we do not add any contacts automatically [Optional]- to read users shared contacts to serve the list of contacts relevant to the case. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Directory.AccessAsUser.All delegated we use in admin portal to retrieve list of users from O365 tenant to add to your account [Optional] Read Groups and Users information as a user. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Directory.ReadWrite.All delegated we use in admin portal to retrieve list of users from O365 tenant to add to your account [Optional] Read Groups and Users information as a user. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Files.Read delegated this allows the addin to read and list the user files the user already has access to [Optional] Read user's OneDrive. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Files.Read.All delegated we use this permission to read and list the user files the user already has access to [Optional]-Read user's OneDrive. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Files.ReadWrite delegated we read files from Teams, Groups and OneDrive for meetings (if you revoke it will prevent our addin from listing matter files in our apps) [Optional]-Read and modify files in a user's OneDrive. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Files.ReadWrite.All delegated we read files from Teams, Groups and OneDrive for meetings (if you revoke it will prevent LTB from listing matter files in our apps). User can only use addin to read and list the user files the user already has access to [Optional] Read/write user's OneDrive file associated with the Matter. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Group.ReadWrite.All delegated GroupID, GroupName, GroupEmail We create a Group for each matter created in our system. This help user stores matter-related information into the Group, which in turn saves their data into their own tenant. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Mail.Read delegated we use this permission to read PACER emails in our outlook add-in to auto open that matter and also to read contacts from your email to add to our contact system [Optional] [InProgress] Read user's email for Matters. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Mail.ReadWrite delegated we use this permission to read PACER emails in our outlook add-in to auto open that matter and also to read contacts from your email to add to our contact system [Optional] [InProgress] Read/Write email for users. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Mail.ReadWrite.Shared delegated we use this permission to read PACER emails in our outlook add-in to auto open that matter and also to read contacts from your email to add to our contact system [Optional] [InProgress] Read/Write email for users. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Mail.Send delegated We use this sending emails as the user to allow a user to send themselves reports only of data they already have access to on our system [Optional] [InProgress] Send Deadlines on email as user. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
Tasks.ReadWrite.Shared delegated this permission is restricted accessing the user’s tasks that they already have access to – we use this to allow users to retrieve and update their own TASK information. [Optional]-[InProgress] Read Write Deadlines as Task for users. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
User.Read delegated used to suggest recent contacts to add to meetings or contacts Read user's Information. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
User.ReadWrite delegated used to suggest recent contacts to add to meetings or contacts Read/Write user's Information. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
User.ReadWrite.All delegated this is necessary to read the Teams API, create Teams, create Calendar event, create channels, Teams file sharing feature Read/Write user's Information. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
email delegated Email, Office365 UserID, ObjectID, TenantID. Read user's email address. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d
profile delegated this is necessary for SSO authentication - we also use this permission to retrieve images and names saved on M365 tenant to display so the user knows they are in the correct toolbox Read user profile information. 3ee373aa-62fa-4fc6-b11f-9627d5b4a73d

Non-Microsoft services used

If the app transfers or shares organizational data with non-Microsoft service, list the non-Microsoft service the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

Non-Microsoft services are not used.

Telemetry data

Does any organizational identifiable information (OII) or end-user identifiable information (EUII) appear in this application's telemetry or logs? If yes, describe what data is stored and what are the retention and removal policies?

User Email,UserID, AccessToken, Groups information in our debug log

Organizational controls for data stored by partner

Describe how organization's administrators can control their information in partner systems? e.g. deletion, retention, auditing, archiving, end-user policy, etc.

We retain case records unless we receive a request to delete the data.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational identifiable information (OII) data that is collected or stored by this app?

No

Feedback

Questions or updates to any of the information you see here? Contact us!

Identity information

This information has been provided by LawToolBox.com Inc. about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.

Information Response
Do you integrate with Microsoft Identify Platform (Azure AD)? Yes
Have you reviewed and complied with all applicable best practices outlined in the Microsoft identity platform integration checklist? Yes
Does your app use MSAL (Microsoft Authentication Library) for authentication? Yes
Does your app support Conditional Access policies? Yes
List the types of policies supported For greater control admin can implement app permissions
Does your app request least privilege permissions for your scenario? Yes
Does your app's statically registered permissions accurately reflect the permissions your app will request dynamically and incrementally? Yes
Does your app support multi-tenancy? Yes
Does your app have a confidential client? No
Do you own all of the redirect Unified Resource Identifier (URI) registered for your app? Yes
For your app, what do you avoid using? ,
- OAuth2 Implicit Flow, unless required for a SPA
Does your app expose any web APIs? No
Does your app use preview APIs? No
Does your app use deprecated APIs? No

Feedback

Questions or updates to any of the information you see here? Contact us!