Decisions

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: June 2, 2021

General information

Information provided by Decisions to Microsoft:

Information Response
App name Decisions
ID WA104381880
Office 365 clients supported Microsoft Teams
Partner company name Decisions
URL of partner website https://www.meetingdecisions.com
URL of Teams application info page https://www.meetingdecisions.com
URL of Privacy Policy https://www.meetingdecisions.com/privacy
URL of Terms of Use https://www.meetingdecisions.com/terms-of-service

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

This information has been provided by Decisions about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires.

Permission Type of permission (Delegated/ Application) Is data collected? Justification for collecting it? Is data stored? Justification for storing it? Azure AD App ID
Calendars.ReadWrite delegated Used to read information from the user’s calendar to enable features like the meeting list and search. It also gives the user an option to delete specific meetings from the calendar when the item is deleted from Decisions. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Chat.ReadWrite delegated Used to send decisions for voting and create speaker lists for individual agenda items directly to the Microsoft Teams meeting chat. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Directory.Read.All delegated Used to gather basic information about the Office 365 tenant when registered, such as tenant name and verified domains. It is also necessary for verifying group memberships. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Files.Read.All delegated Used to read files that are shared with the user in order to merge those files into the PDF Meeting Book. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Files.ReadWrite.All delegated Used to provide users with support for personal file annotations. Annotated files are stored privately in the user’s OneDrive for Business. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Group.ReadWrite.All delegated Used to create folder structures in the Office 365 Group’s SharePoint site for meeting agendas, related files and group conversations. Note: Users of Decisions will never get access to any resources (for example, groups) they do not already have access to in your organization's Office 365 tenant. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Mail.Send delegated Used to allow users of Decisions to send meeting participants notifications, such as agenda updates and links to the meeting for co-authors. Emails go to meeting participants or to the distribution list selected by the meeting owner. All notifications and emails sent are actively done so by the Decisions users. Note: This does not give the user access to its inbox through Decisions. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
MailboxSettings.Read delegated Used to identify a user’s language preferences. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Notes.ReadWrite delegated Used to set-up private notebooks for meetings to take notes and prepare remarks and questions. It also allows for group meeting minutes to be stored within their shared OneNote notebook, should the group opt to use OneNote. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Sites.ReadWrite.All delegated Use to create folder structures in private channels for meeting information. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
Tasks.ReadWrite delegated Used to sync tasks and decisions to Microsoft Planner. It also allows users to export tasks and decisions to Excel. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
TeamsAppInstallation.ReadWriteForUser delegated Required to programmatically install Decisions App in chat. This is required before adding the Decisions Tab for the in meeting experience. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
TeamsAppInstallation.ReadWriteForUser.All delegated Required to programmatically install Decisions App in chat. This is required before adding the Decisions Tab for the in meeting experience. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
TeamsTab.Create delegated Require to add In-Meeting/Channel tab in Teams. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
TeamsTab.Read.All delegated Required to check if the tab is installed or not. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
User.ReadBasic.All delegated Used to display first and last name, photo and email address of group members and external participants. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d
profile delegated Used to sign in. Customer data is stored in the customer’s Office 365 tenant and that all customer data is processed on customer devices only. The Decisions database only maintains references to objects in the customers Office 365 tenant, not the actual data. Refer to https://www.meetingdecisions.com/security-and-privacy for more details. 1064f7e4-a9e2-467d-8d42-f45cc59f145d

Non-Microsoft services used

If the app transfers or shares organizational data with non-Microsoft service, list the non-Microsoft service the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

Non-Microsoft services are not used.

Data access via bots

If this app contains a bot or a messaging extension, it can access end-user identifiable information (EUII): the roster (first name, last name, display name, email address) of any team member in a team or chat it's added to. Does this app make use of this capability?

No EUII is accessed.

Telemetry data

Does any organizational identifiable information (OII) or end-user identifiable information (EUII) appear in this application's telemetry or logs? If yes, describe what data is stored and what are the retention and removal policies?

No OII or EUII appear in the applications telemetry or logs.

Organizational controls for data stored by partner

Describe how organization's administrators can control their information in partner systems? e.g. deletion, retention, auditing, archiving, end-user policy, etc.

The data provided by the Customer while using the Software is only available to the Customer. The Service is delivered on Microsoft Office 365 Cloud Services and Microsoft Azure. All customer data is stored in the customers Microsoft Office 365 tenant. All data stored or processed on the service are anonymous and non-traceable to individual persons. As such, Decisions will not store, collect or process personal data on behalf of the Customer.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational identifiable information (OII) data that is collected or stored by this app?

No

Feedback

Questions or updates to any of the information you see here? Contact us!

Identity information

This information has been provided by Decisions about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.

Information Response
Do you integrate with Microsoft Identify Platform (Azure AD)? Yes
Have you reviewed and complied with all applicable best practices outlined in the Microsoft identity platform integration checklist? Yes
Does your app use MSAL (Microsoft Authentication Library) for authentication? Yes
Does your app support Conditional Access policies? Yes
List the types of policies supported All
Does your app request least privilege permissions for your scenario? Yes
Does your app's statically registered permissions accurately reflect the permissions your app will request dynamically and incrementally? Yes
Does your app support multi-tenancy? Yes
Does your app have a confidential client? Yes
Do you own all of the redirect Unified Resource Identifier (URI) registered for your app? Yes
For your app, what do you avoid using? - Wildcard redirect URIs,
- OAuth2 Implicit Flow, unless required for a SPA
- Resource Owner Password Credential (ROPC) flow
Does your app expose any web APIs? Yes
Does your permission model only allow calls to succeed if the client app receives the proper consent? Yes
Does your app use preview APIs? No
Does your app use deprecated APIs? No

Feedback

Questions or updates to any of the information you see here? Contact us!