Arrangr

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: June 15, 2021

General information

Information provided by Arrangr, Inc. to Microsoft:

Information Response
App name Arrangr
ID WA200002975
Office 365 clients supported Microsoft Teams
Partner company name Arrangr, Inc.
URL of partner website https://arrangr.com
URL of Teams application info page https://arrangr.com/welcome
URL of Privacy Policy https://arrangr.com/privacy_policy
URL of Terms of Use https://arrangr.com/terms_of_use

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

This information has been provided by Arrangr, Inc. about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires.

Permission Type of permission (Delegated/ Application) Is data collected? Justification for collecting it? Is data stored? Justification for storing it? Azure AD App ID
Calendars.ReadWrite delegated We collect names of user's calendars, and details about their calendar events, to facilitate scheduling meetings. We store the names of any calendars they have connected, so that they can see and change which calendars they have connected 57de46f8-193a-400c-9a34-c862333aed55
Channel.ReadBasic.All delegated Collect list of channels available to user, so that we can show them a list of their channels for them to pick one to share an Arrangr invite into. We don't store information on the user's channels 57de46f8-193a-400c-9a34-c862333aed55
ChannelMessage.Send delegated This permission is used to send Arrangr invitations into Team channels on behalf of the user. It's not used for collecting data. No data is stored that is collected with this permission. 57de46f8-193a-400c-9a34-c862333aed55
Chat.ReadWrite delegated This permission is used to send Arrangr invites into a Teams chat on behalf of the user. This permission isn't used to collect data. No data is stored that is collected with this permission. 57de46f8-193a-400c-9a34-c862333aed55
ChatMessage.Send delegated This permission is used to send Arrangr invites into 1:1 and group chats on behalf of the user. It isn't used to collect data. No data is stored that is collected with this permission. 57de46f8-193a-400c-9a34-c862333aed55
OnlineMeetings.ReadWrite delegated Arrangr collects Microsoft Teams meeting links in the process of generating them with this permission. We generate Teams meetings on the user's behalf so that they can arrange Teams calls on Arrangr. We store the meeting links, so that they can be shared with the appropriate parties to join the meeting. 57de46f8-193a-400c-9a34-c862333aed55
People.Read delegated We collect names and emails of people relevant to the user. This is so that we can make it easy for the user to select them as recipients of Arrangr invites. If the user ends up selecting a recipient offered through this API, then we save the name and email of that recipient in order to conduct the meeting, and to make it easy for the user to select them as a recipient again in the future. 57de46f8-193a-400c-9a34-c862333aed55
Team.ReadBasic.All delegated We collect the names of the user's Teams, so that they can select which Teams they want to connect to Arrangr, and which Team they want to share an Arrangr invite into. Arrangr stores the names of Teams the user has chosen to link to Arrangr, so that we can display those Teams in their settings, and let them select from those Teams when deciding where to share an Arrangr invite. 57de46f8-193a-400c-9a34-c862333aed55
TeamsAppInstallation.ReadWriteSelfForUser delegated We read whether or not our app has been installed in the user's Teams account, so that we can ask them if they want to install our app, and so that we may install it for them. We do not store data collected through this permission. 57de46f8-193a-400c-9a34-c862333aed55
profile delegated Name and email address Name and email address, in order to show the user what account they have connected to our service. 57de46f8-193a-400c-9a34-c862333aed55

Data access using other Microsoft APIs

Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational identifiable information (OII). List any Microsoft APIs other than Microsoft Graph this app uses.

API Is OII collected? What OII is Collected? Justification for collecting OII? Is OII stored? Justification for storing OII?
Outlook Yes Name, email, calendar names, calendar event info We collect this information to allow users to connect their calendar to Arrangr to facilitate scheduling meetings Name, email, calendar names We store this information so we can show the users what accounts and calendars they have connected to our service

Non-Microsoft services used

If the app transfers or shares organizational data with non-Microsoft service, list the non-Microsoft service the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

All non-Microsoft services OII is transferred to What OII is transferred? Justification for transferring OII?
Google Cloud, SendGrid, Stripe, Quaderno Google Cloud stores all user data, user names and emails are shared with SendGrid in order to send email to users, Stripe received user names, emails, and payment information for processing payments. Quaderno receives user names, emails, and geographic information in order to aid with sales tax compliance. Google Cloud is needed for storing data to remember users and provide the information they have chosen to store in Arrangr. To send emails to our uses we must provide their email addresses to SendGrid. To collect payments we must process their payment info in Stripe, but we do not store their payment info on our own servers. Quaderno is needed to calculate sales tax and make sure that we stay in compliance with sales tax regulations.

Data access via bots

If this app contains a bot or a messaging extension, it can access end-user identifiable information (EUII): the roster (first name, last name, display name, email address) of any team member in a team or chat it's added to. Does this app make use of this capability?

Justification for accessing EUII? Is EUII stored in database(s)? Justification for storing EUII?
Users will use our messaging extension to schedule meetings with others. We need to show the user the account they are logged into, and we need to be able to associate the invitation they send with the correct Arrangr user. User names, emails, and communication information. This information is needed to coordinate meetings between multiple parties, and share with the details for connecting and who they are meeting with.

Telemetry data

Does any organizational identifiable information (OII) or end-user identifiable information (EUII) appear in this application's telemetry or logs? If yes, describe what data is stored and what are the retention and removal policies?

No OII or EUII appear in the applications telemetry or logs.

Organizational controls for data stored by partner

Describe how organization's administrators can control their information in partner systems? e.g. deletion, retention, auditing, archiving, end-user policy, etc.

We control the data stored in Google Cloud Datastore through their API, and can delete any data we need to. Our users are able to request removal of their accounts and deletion of their data.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational identifiable information (OII) data that is collected or stored by this app?

Yes

Feedback

Questions or updates to any of the information you see here? Contact us!

Identity information

This information has been provided by Arrangr, Inc. about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.

Information Response
Do you integrate with Microsoft Identify Platform (Azure AD)? No

Feedback

Questions or updates to any of the information you see here? Contact us!