Presify Privacy Policy
Template notice. This document is a first-pass template drafted by Claude. It has not been reviewed by an attorney. Engage qualified legal counsel before publishing it as your binding privacy policy. This template is provided as a starting point only and is not legal advice.
Effective Date: June 4, 2026
This Privacy Policy explains how Presify, LLC, a Florida limited liability company ("Presify," "we," "us," or "our"), collects, uses, and protects information in connection with the Presify service available at presify.io (the "Service").
This Privacy Policy applies to two categories of individuals:
- Customer Personnel. Authorized Users of the Service (typically IT administrators) who sign in, configure the Service, and view reports.
- Monitored Users. Individuals within Customer's Microsoft 365 tenant whose presence data is collected by the Service on behalf of Customer.
Customer is the data controller for both categories of data. Presify processes data on Customer's instructions as described in the Data Processing Agreement available at presify.io/dpa.
1. Information We Collect
1.1 Information from Customer Personnel
When an Authorized User signs up for or uses the Service, we collect:
- Account information: name, work email address, Microsoft user principal name (UPN), and the Microsoft tenant identifier of the organization.
- Authentication information: access tokens issued by Microsoft when the Authorized User signs in via Microsoft Entra ID. These tokens are used solely to verify identity during the sign-in flow and are not retained beyond the session.
- Application usage information: features used, dashboards viewed, reports generated, and similar metadata necessary to operate and improve the Service.
- Support communications: messages submitted through the in-application support widget or sent to support@presify.io, retained for response and quality purposes.
- Billing information: processed and stored by Stripe; Presify receives a customer identifier and subscription metadata but does not store payment card numbers.
- Marketing attribution: if applicable, the UTM parameters present on the signup URL.
1.2 Information about Monitored Users
When Customer activates monitoring, the Service collects from the Microsoft Graph API on Customer's behalf:
- Identification information: Microsoft user identifier (immutable), user principal name (UPN), display name, and the organizational tenant identifier.
- Presence events: changes in Microsoft Teams presence status (e.g., Available, Busy, Away, In a Meeting, Offline) with associated timestamps. Presence events are aggregated into daily summaries for reporting.
- Anomaly findings: automated detections derived from presence events (e.g., unbroken Available stretches, idle suppression patterns).
The Service does not access or collect:
- Email content
- Chat or message content
- File or document content
- Calendar event content
- Call recordings or transcripts
- Any other Microsoft 365 data outside of presence status and basic user directory fields necessary to operate the Service
1.3 Information collected automatically
When users access the Service, we collect:
- Log data: IP address, browser type, operating system, referrer URL, and timestamps.
- Cookies and similar technologies: strictly necessary cookies for authentication and session management. We do not use cookies for advertising or third-party tracking.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service for Customer
- Authenticate Authorized Users and enforce access controls
- Collect, store, and display presence data and reports to Customer
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and respond to lawful requests
- Communicate with Authorized Users about the Service, including service notices, billing notices, and updates
- Improve the Service through analytics on aggregated usage patterns
- Provide customer support
We do not use Monitored User data for any purpose other than providing the Service to Customer. We do not analyze Monitored User data to build features for other customers, train machine learning models for third parties, or any similar secondary purpose.
3. Legal Basis for Processing
Presify processes personal information based on the following legal bases:
- Contractual necessity: processing required to provide the Service under our Terms of Service with Customer.
- Legitimate interests: processing necessary for the security, integrity, and improvement of the Service.
- Compliance with law: processing required by applicable legal obligations.
For Monitored User data, Customer is responsible for ensuring it has a valid legal basis to monitor each Monitored User, including providing any notices required by applicable law. Presify processes Monitored User data on Customer's behalf as described in the DPA.
4. How We Share Information
We do not sell personal information. We share information only as follows:
4.1 Sub-processors
The following sub-processors assist us in providing the Service. Each is bound by a written agreement requiring confidentiality, security, and use limited to providing services to Presify:
| Sub-processor | Purpose | Location | Data accessed |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting, storage, compute | United States | All Customer Data including presence events, reports, and account information |
| Stripe, Inc. | Subscription billing and payment processing | United States | Account billing email, organization name, subscription tier, payment method |
| Functional Software, Inc. (Sentry) | Application error and performance monitoring | United States | Application telemetry, error reports (PII scrubbed before submission) |
| Better Stack, Ltd. | Status page and uptime monitoring | United States and European Union | Service status data, no customer data |
| Freshworks, Inc. (Freshdesk) | Customer support ticketing | United States | Support ticket contents, which may reference Customer or Monitored User information |
| Microsoft Corporation | Authentication via Microsoft Entra ID and source of presence data via Microsoft Graph API | Customer's Microsoft tenant region | Authentication tokens, presence data accessed under Customer's tenant consent |
We will provide reasonable advance notice (typically thirty days) of material changes to the sub-processor list. The current list is available at presify.io/privacy.
4.2 Service providers
We may share information with service providers who assist with payment processing, hosting, analytics, error monitoring, customer support, and similar functions. These providers are bound by contractual confidentiality and security obligations.
4.3 Legal compliance
We may disclose information when required by law, court order, or governmental request, or when we believe in good faith that disclosure is necessary to (a) protect the rights, property, or safety of Presify, our customers, or others, (b) investigate fraud or security incidents, or (c) enforce our Terms of Service.
4.4 Business transfers
If we are involved in a merger, acquisition, financing, or sale of business assets, information may be transferred to the acquirer or successor as part of that transaction, subject to standard confidentiality protections. We will provide notice via email and a prominent notice on the Service before any transfer that would materially change this Privacy Policy.
4.5 Aggregated and anonymized data
We may share aggregated and anonymized statistics that cannot reasonably be used to identify any individual.
5. Data Retention
5.1 Customer-controlled retention
Presence data and derived reports are retained according to Customer's subscription tier:
| Tier | Retention period |
|---|---|
| Basic | 30 days |
| Standard | 90 days |
| Pro 100 / 250 / 500 | 180 days |
| Enterprise | 365 days (or as agreed) |
Data older than the retention period is automatically deleted by automated processes each night.
5.2 Operational retention
- Account information: retained while the Customer's account is active.
- Audit logs: retained for the life of the account and for a reasonable period thereafter for security and compliance purposes.
- Billing records: retained as required by tax and accounting laws (typically seven years).
- Support tickets: retained for the life of the account and for a reasonable period thereafter for service-quality purposes.
- Anonymized billing audit trail after cancellation: retained as required by tax and accounting laws.
5.3 Deletion on cancellation
When a Customer cancels its subscription, Customer Data is deleted at the end of the thirty-day read-only window per the Terms of Service and the DPA. Audit logs and anonymized billing records may be retained beyond this window for the purposes described above.
5.4 Immediate deletion option
Customers may request immediate deletion of all Customer Data through the in-application "Delete all data" feature, which bypasses the read-only window.
6. Your Rights and Choices
6.1 Rights of Authorized Users
Authorized Users have the right to:
- Access their account information
- Correct inaccurate account information
- Request deletion of their account (by transferring or removing themselves through the in-application team management)
- Withdraw from receiving marketing communications
To exercise these rights, sign in to the Service or contact support@presify.io.
6.2 Rights of Monitored Users
Because Customer is the data controller for Monitored User data, requests from Monitored Users to access, correct, delete, or restrict processing of their data should be directed first to Customer.
If a Monitored User contacts Presify directly with such a request, Presify will (a) acknowledge receipt and (b) notify the relevant Customer of the request and forward the request to Customer for handling, except where prohibited by law.
The Service includes per-user data deletion and per-user data export features that Customer administrators can use to comply with Monitored User requests.
6.3 California residents (CCPA / CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, California residents have specific rights:
- Right to know: the right to know what categories of personal information have been collected, the sources of that information, the purposes for collection, and the categories of third parties with whom information is shared. This Privacy Policy provides this disclosure.
- Right to delete: the right to request deletion of personal information, subject to certain exceptions.
- Right to correct: the right to request correction of inaccurate personal information.
- Right to opt out of sale or sharing: Presify does not sell personal information and does not share personal information for cross-context behavioral advertising.
- Right to limit use of sensitive personal information: Presify does not collect sensitive personal information beyond what is required for authentication and service operation.
- Right to non-discrimination: Presify will not discriminate against any California resident for exercising any of these rights.
To exercise these rights, contact support@presify.io with the subject line "CCPA Request." Presify will verify the requester's identity before fulfilling the request. We will respond within forty-five (45) days as required by California law.
6.4 European Union residents
Presify is designed for organizations with employees located in the United States. The Service is operated entirely on infrastructure located in the United States.
If Customer has employees based in the European Union or the United Kingdom, Customer should contact us before enrolling them as Monitored Users. Compliance with the EU General Data Protection Regulation (GDPR) and the UK GDPR for EU/UK-based individuals is on our roadmap but is not currently supported in the v1 Service offering. We do not currently have Standard Contractual Clauses or other approved transfer mechanisms in place for EU/UK data.
7. Data Security
We take commercially reasonable measures to protect personal information, including:
- Encryption of data at rest using AES-256 within AWS storage services
- Encryption of data in transit using TLS 1.2 or higher
- Multi-factor authentication for personnel with administrative access to production systems
- Role-based access controls with least-privilege design
- Network isolation via private subnets for production databases
- Audit logging of administrative actions
- Vulnerability scanning and security monitoring via AWS GuardDuty, Inspector, and Security Hub
- Bounded data retention per Customer subscription tier
- Append-only audit logs with row-level security enforcement at the database layer
- Sub-processor due diligence and written data protection terms
No security measure is perfect. While we work to protect personal information, we cannot guarantee absolute security.
8. International Data Transfers
The Service is operated entirely in the United States. By using the Service, Authorized Users acknowledge that their information will be transferred to, stored in, and processed within the United States. The data protection laws of the United States may differ from those of the user's country of residence.
For Customers with EU/UK-based employees, see Section 6.4.
9. Children's Privacy
The Service is not designed for or directed at children under thirteen (13). We do not knowingly collect personal information from children under thirteen. If you believe a child under thirteen has provided personal information to us, please contact support@presify.io and we will take appropriate action.
10. HIPAA
The Service is not designed to be used as part of a HIPAA-regulated workflow. Presify is not a HIPAA Business Associate. Customers must not use the Service to process Protected Health Information (PHI). See the Terms of Service for additional details.
11. Cookies and Tracking Technologies
The Service uses a small number of strictly necessary cookies:
- Authentication session cookie: identifies an authenticated session and is removed when the session expires (8 hours).
- CSRF protection cookie: prevents cross-site request forgery attacks during sign-in and impersonation flows.
- UTM attribution cookie: stores UTM parameters across the sign-in redirect to support analytics. Expires after 10 minutes.
We do not use third-party advertising cookies, cross-site tracking cookies, or analytics cookies that would qualify as tracking under GDPR or CCPA's cross-context behavioral advertising definition.
12. Third-Party Links and Services
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage users to review the privacy policies of any third-party services they interact with.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to Authorized Users by email at least thirty (30) days before they take effect. The updated policy will be posted at presify.io/privacy with an updated Effective Date. Continued use of the Service after the effective date constitutes acceptance.
14. Contact Us
For questions, concerns, or to exercise any rights described in this Privacy Policy:
Presify, LLC, a Florida limited liability company [BUSINESS ADDRESS] Email: support@presify.io (general privacy inquiries and CCPA requests) Email: legal@presify.io (legal notices) Web: https://presify.io
Last updated: June 4, 2026