Priority Matrix

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: October 12, 2019

General information

Information provided by Appfluence Inc to Microsoft:

Information Response
App name Priority Matrix
ID 5be2b320-a5b7-4221-893c-dee506e4e365
Capabilities Bot, Tab, Messaging Extension, Connector
Office 365 clients supported Microsoft Teams
Partner company name Appfluence Inc
Physical address 2627 Hanover st, Palo Alto, CA 94304
Contact information for this app support@appfluence.com
URL of partner website https://appfluence.com
URL of Teams application info page https://appfluence.com/help/
URL of Privacy Policy https://appfluence.com/privacy
URL of Terms of Use https://appfluence.com/eula
Main telephone number 1(650)427-9050
Description of available licensing options, if any Priority Matrix is provided in the form of software as a service (SaaS), with options for individuals, teams and larger organizations. Monthly/annual/multiannual contracts are available, as well as custom enterprise options.
Licensing contact sales@appfluence.com
Licensing telephone number https://appfluence.com/pricing

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

Information provided by Appfluence Inc on how this app collects and stores organizational data, and what control an organization has over this data.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires, and for each, whether they are delegate or application permissions, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

Permission Delegated/Application Justification/Purpose Is any of this data stored in app database(s)? Azure AD App ID
Calendars.Read Delegated Read calendar events so they can be displayed in our 1:1 view. Also to initialize new accounts. A small number of calendar events are turned into tasks stored in our system. d76f016f-52c7-41b5-835b-900361d7040c, 5be2b320-a5b7-4221-893c-dee506e4e365
Tasks.Read Delegated We bootstrap new user accounts with their Graph tasks. Some Outlook/Planner tasks are replicated in our system to help new users. affadfb6-f17b-428f-97f9-9aae3b6175bc
User.Read Delegated Get the user's name, email, avatar, to personalize their account with us. Basic user profile information (display name, first name, last name, email, avatar) is stored by us. affadfb6-f17b-428f-97f9-9aae3b6175bc
User.ReadBasic.All Delegated On new account creation, we use this to suggest other team members. Only when a new user is added to the account, do we store their email. affadfb6-f17b-428f-97f9-9aae3b6175bc
openid Delegated In order to sign in users via single-sign-on. We store the SSO connection to indicate the login mode for the user. 5be2b320-a5b7-4221-893c-dee506e4e365
offline_access Delegated Refresh token without bothering the user. (Priority Matrix for Teams) We store the login token in order to perform requests on behalf of the user 5be2b320-a5b7-4221-893c-dee506e4e365
Mail.Read Delegated Used in our Outlook add-in to turn emails into tasks, and to display shared work in 1:1 view. We store tasks created in our system, with a link to the original message. d76f016f-52c7-41b5-835b-900361d7040c, 5be2b320-a5b7-4221-893c-dee506e4e365
Contacts.Read Delegated On new account creation, we use this to suggest other team members. Only when a new user is added to the account, do we store their email. affadfb6-f17b-428f-97f9-9aae3b6175bc

Data access using other Microsoft APIs

Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational information. List any Microsoft APIs other than Microsoft Graph this app uses, and for each, the justification and purpose (what does the app use this information for?), and whether the app stores any of this information in its databases.

Microsoft API Justification/Purpose Is any of this data stored in app database(s)?
None Not Applicable Not Applicable

Non-Microsoft Services Used

If the app transfers or shares organizational data with non-Microsoft service(s), list the non-Microsoft service(s) the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

We do not share organizational data with non-Microsoft services.

Data access via bots

If this app contains a bot or a messaging extension, it can access the roster (first name, last name, display name, email address) of any team member in a team or chat it's added to. Does this app make use of this capability?

Priority Matrix manages project/task data created by the user, or by the app automatically in response to events.

Access team/chat roster? Justification/Purpose Is any of this data stored in app database(s)?
Yes The bot is able to create tasks and assign them to a specific teammate, and to do so it needs to know their name. We do not store roster information in our database; we only use it in real time to show possible collaborators in some of our app screens.

Telemetry data

Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appears in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.

Yes, we use the user's email as their unique ID in our system, and that is used to trace application errors, and to track key events in the system (downloads, sign ins, application versions, etc) so that our customer service team can provide a prompt response to customer queries. As part of our GDPR compliance, we delete all customer data within 2 weeks of a deletion request, although in practice we do this on the same day, as we have internal scripts to do this in a semi-automatic way.

Storing and securing organizational data

Describe where/how is this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PMA), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.

Users of Priority Matrix in general, and organization administrators in particular, have the right to request an audit of all the data stored in our system in a human-readable format. This can be done in a self-serve way via our dashboard. They can also request that their data be scrubbed from our system, which requires our customer service team to comply in short notice.

Organizational controls for data stored by partner

Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.

Application data is stored securely in an encrypted database with access limited to a small group of admins. In order to further secure access, we enforce 2-factor authentication, limit access to a controlled set of IP addresses, and locate the database in its own private subnet, directly inaccessible from the open internet.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational data that is collected or stored by this app?

No

Feedback

Questions or updates to any of the information you see here? Contact us!

Information from the Microsoft Cloud App Security catalog appears below.

Note

The information on this page is based on a self-attestation report provided by the app developer on the security, compliance and data handling practices followed by the app. Microsoft makes no guarantees regarding the accuracy of the information. Contact us if you believe information about an app is outdated.

View in a new tab

Feedback

Questions or updates to any of the information you see here? Contact us!