OnePlaceMail for Outlook

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: October 12, 2019

General information

Information provided by OnePlace Solutions to Microsoft:

Information Response
App name OnePlaceMail for Outlook
ID WA104380723
Office 365 clients supported Outlook 2013 or later on Windows, Outlook 2016 or later on Mac, Outlook on iOS, Outlook on Android, Outlook on the web
Partner company name OnePlace Solutions
Physical address Level 2, 27 Belgrave Street, Manly, New South Wales, Australia
URL of partner website https://www.oneplacesolutions.com/
URL of Privacy Policy https://www.oneplacesolutions.com/oneplacemailapp-privacy
URL of Terms of Use https://go.microsoft.com/fwlink/?LinkID=521715&omkt=en-US
Main telephone number +61 299 771 312
Description of available licensing options, if any Per user subscription licensing available in different plans and currencies - further details available at https://www.oneplacesolutions.com/pricing-apps.html;
Licensing contact james.fox@oneplacesolutions.com
Licensing telephone number https://www.oneplacesolutions.com/contact-us.html

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

Information provided by OnePlace Solutions on how this app collects and stores organizational data, and what control an organization has over this data.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires, and for each, whether they are delegate or application permissions, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

Permission Delegated/Application Justification/Purpose Is any of this data stored in app database(s)? Azure AD App ID
Files.ReadWrite.All Delegated Required to access files in SharePoint to determine if files already exist and to save email and attachments into SharePoint. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
Group.ReadWrite.All Delegated Required to determine Teams the current user is a member of. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
Mail.ReadWrite Delegated Required to access mail properties so the properties. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
Sites.Read.All Delegated Required for basic navigation of SharePoint locations and configuration of content types and columns. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
Sites.ReadWrite.All Delegated Required to set properties on items the app has uploaded to SharePoint. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
User.Read Delegated Required for authentication to the Microsoft Graph. The following data is stored by the app in a database and is used for subscription and user license tracking: User Id, Email, First Name, Last Name. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
User.ReadBasic.All Delegated Required to show the user profile image in the people picker field. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
User.ReadWrite.All Delegated Required to determine if the Teams service is enabled within the users Office 365 tenancy. 2ead1309-ccd2-4b21-9eda-99cb0beabf88
Files.ReadWrite.All Delegated Required to access files in SharePoint to determine if files already exist and to save email and attachments into SharePoint. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93
Mail.ReadWrite Delegated Required to access mail properties so the properties. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93
Sites.Read.All Delegated Required for basic navigation of SharePoint locations and configuration of content types and columns. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93
Sites.ReadWrite.All Delegated Required to set properties on items the app has uploaded to SharePoint. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93
User.Read Delegated Required for authentication to the Microsoft Graph. The following data is stored by the app in a database and is used for subscription and user license tracking: User Id, Email, First Name, Last Name. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93
User.ReadBasic.All Delegated Required to show the user profile image in the people picker field. 93d60ec5-960a-4e52-9b16-0ecf3f6adc93

Data access using other Microsoft APIs

Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational information. List any Microsoft APIs other than Microsoft Graph this app uses, and for each, the justification and purpose (what does the app use this information for?), and whether the app stores any of this information in its databases.

Microsoft API Justification/Purpose Is any of this data stored in app database(s)?
Exchange Web Services (EWS) EWS.AccessAsUser.All (Delegated) is required to extract an email and attachments in order to save to SharePoint. Also required to set the 'Transferred to SharePoint' category flag once the email has been saved to SharePoint.

Mail.ReadWrite (Delegated) is required to extract an email and attachments in order to save to SharePoint. Also required to set the 'Transferred to SharePoint' category flag once the email has been saved to SharePoint.

The required permissions for the app and justification are published here. | The organisational information accessed by the additional Microsoft APIs are used to facilitate the process of saving email and attachments from Exchange to SharePoint. This additional data is not stored at rest and is encrypted in transit. Examples of this data includes SharePoint column values such as Choice column values, Taxonomy values, Content Type names, Folder Names, Site Names. While this data is not stored or collected by the app it may appear in telemetry/logs where it is retained for 90 days. |

| SharePoint REST APIs | AllSites.Manage (Delegated) Required to set column properties on SharePoint items and perform check in operations.

The required permissions for the app and justification are published here. | The organisational information accessed by the additional Microsoft APIs are used to facilitate the process of saving email and attachments from Exchange to SharePoint. This additional data is not stored at rest and is encrypted in transit. Examples of this data includes SharePoint column values such as Choice column values, Taxonomy values, Content Type names, Folder Names, Site Names. While this data is not stored or collected by the app it may appear in telemetry/logs where it is retained for 90 days. |

Non-Microsoft Services Used

If the app transfers or shares organizational data with non-Microsoft service(s), list the non-Microsoft service(s) the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

The Chargify service is used for subscription management and billing. For in-app (free) subscription creation the First Name, Last Name, Email Address of the user are shared with Chargify. For purchased subscriptions (which support multiple licensed users) the individual user details are not shared with the Chargify service.

Add-in Data Access

List the permissions this app requires for accessing your organization's data, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

Permission Description
ReadWrite Mailbox This add-in can read or modify the contents of any item in your mailbox, and create new items. It can access personal information -- such as the body, subject, sender, recipients, or attachments -- in any message or calendar item. It may send this data to a third-party service.
Send Data Can send data over the Internet

Telemetry data

Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appears in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.

EUII and OII does appear in telemetry. This information is stored in Application Insights, encrypted at rest, access controlled and deleted after 90 days

Storing and securing organizational data

Describe where/how is this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PMA), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.

Not applicable

Organizational controls for data stored by partner

Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.

Data stored in the application is encrypted in transit and at rest. We rely on Office 365 credentials for our apps, so we do not store user passwords in our system. Access to stored data/logs/telemetry is tightly controlled to internal administration staff with the need to access the information for the purpose of running and monitoring the health of the app. Two-Factor Authentication enforced for all internal administration staff.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational data that is collected or stored by this app?

Yes

Feedback

Questions or updates to any of the information you see here? Contact us!

Information from the Microsoft Cloud App Security catalog appears below.

Note

The information on this page is based on a self-attestation report provided by the app developer on the security, compliance and data handling practices followed by the app. Microsoft makes no guarantees regarding the accuracy of the information. Contact us if you believe information about an app is outdated.

View in a new tab

Feedback

Questions or updates to any of the information you see here? Contact us!