Vacation Tracker

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: September 15, 2021

General information

Information provided by Vacation Tracker to Microsoft:

Information Response
App name Vacation Tracker
ID WA200002167
Office 365 clients supported Microsoft Teams
Partner company name Vacation Tracker
URL of partner website https://vacationtracker.io
URL of Teams application info page https://vacationtracker.io/vacation-calendar-tracker-featur...
URL of Privacy Policy https://vacationtracker.io/privacy-policy/
URL of Terms of Use https://vacationtracker.io/terms-of-service/

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

This information has been provided by Vacation Tracker about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.

Data access using Microsoft Graph

List any Microsoft Graph permissions this app requires.

Permission Type of permission (Delegated/ Application) Is data collected? Justification for collecting it? Is data stored? Justification for storing it? Azure AD App ID
Group.Read.All delegated We read public channel IDs and names when users set their weekly or daily notifications. Users can select a channel where they want to receive daily or weekly notifications from Vacation Tracker. When a user choose their preferred channel, we store the channel ID. eab5463e-8168-40ee-887a-7ac78de1d266
Team.ReadBasic.All delegated We list the Microsoft Teams teams user joined during the signup to allow users to select a team that they want to sign up for Vacation Tracker. They can alternatively sign up with their whole organization. We store the Microsoft Teams team ID for a selected team only if the user signs up for Vacation Tracker as a single team (not as a whole organization). We use team IDs to connect a logged-in user with an existing account in Vacation Tracker. eab5463e-8168-40ee-887a-7ac78de1d266
User.Read delegated We collect the basic user's info, including their name, ID, and tenant ID. We use this data to connect logged in users to their organization in Vacation Tracker. We store user's name, ID, and tenant ID. We use this data to connect logged in users to their organization in Vacation Tracker. eab5463e-8168-40ee-887a-7ac78de1d266
User.Read.All delegated Our users can import all users from their Microsoft 365 organization or Microsoft Teams team. We use this permission to import only licensed users for a selected Microsoft Teams team or organization. We store basic info about imported users, including their name, email address, and user ID. eab5463e-8168-40ee-887a-7ac78de1d266
User.ReadBasic.All delegated We allow users to import the other users from their organization or their Microsoft Teams team. We use this permission to list the available users and their email addresses in the import popup. When users select their coworkers to import to Vacation Tracker, we store basic info about these imported users, including their name, email address, and user ID. eab5463e-8168-40ee-887a-7ac78de1d266
email delegated When user logs in using Microsoft AAD, we store their email address as a unique identifier. We store user's email as a unique identifier. We do not use this email for communication, users enter their business email address that we use for communication during the signup. eab5463e-8168-40ee-887a-7ac78de1d266
offline_access delegated We do not collect any data with this permission. It's used to maintain the access to data we permission to access. We do not store any data with this permission. eab5463e-8168-40ee-887a-7ac78de1d266
openid delegated We use this permission to sign in or sign up users to Vacation Tracker. We do not collect any specific data with this permission. We use this permission to sign in or sign up users to Vacation Tracker. We do not store any specific data with this permission. eab5463e-8168-40ee-887a-7ac78de1d266
profile delegated We collect the basic user's info, including their name, ID, and tenant ID. We use this data to connect logged in users to their organization in Vacation Tracker. We store user's name, ID, and tenant ID. We use this data to connect logged in users to their organization in Vacation Tracker. eab5463e-8168-40ee-887a-7ac78de1d266

Non-Microsoft services used

If the app transfers or shares organizational data with non-Microsoft service, list the non-Microsoft service the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

All non-Microsoft services OII is transferred to What OII is transferred? Justification for transferring OII?
Stripe, AWS, Crisp, Customer.io, Segment, Amplitude, Google Tag Manager Company name (as entered by user) When a user signs up, they enter their company name and we use this name as the organization name inside the product

Data access via bots

If this app contains a bot or a messaging extension, it can access end-user identifiable information (EUII): the roster (first name, last name, display name, email address) of any team member in a team or chat it's added to. Does this app make use of this capability?

Justification for accessing EUII? Is EUII stored in database(s)? Justification for storing EUII?
The bot can see the basic info about the user communicating with the bot. However, we do not store or use that info. We only use the user's ID, conversation ID, and a message sent to our bot. We store user's email address, user's name (as defined in the Microsoft AAD) and user's profile photo (from Microsoft AAD) We use an email address as a unique identifier for our users and the user's name and profile photo to allow administrators and approvers from the same company to recognize their employees in our dashboard.

Telemetry data

Does any organizational identifiable information (OII) or end-user identifiable information (EUII) appear in this application's telemetry or logs? If yes, describe what data is stored and what are the retention and removal policies?

Company name and it is retained and remove according to our standard one year retention policy for this type of data

Organizational controls for data stored by partner

Describe how organization's administrators can control their information in partner systems? e.g. deletion, retention, auditing, archiving, end-user policy, etc.

To start, we collect the minimum amount of data required from users. Then we share the minimum possible with our partners and finally we have data retention policies so all data is removed within one year if applicable.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational identifiable information (OII) data that is collected or stored by this app?

Yes

Feedback

Questions or updates to any of the information you see here? Contact us!

Information from the Microsoft Cloud App Security catalog appears below.

View in a new tab

Feedback

Questions or updates to any of the information you see here? Contact us!

Identity information

This information has been provided by Vacation Tracker about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.

Information Response
Do you integrate with Microsoft Identify Platform (Azure AD)? No

Feedback

Questions or updates to any of the information you see here? Contact us!