What this covers
This policy explains what data TeamGroup collects, why we collect it, how we store it, and what control you have over it. TeamGroup is a web and mobile application that connects to your Microsoft Teams accounts via the Microsoft Graph API so you can view and manage conversations across multiple accounts in one place.
What we collect
Account information — Your email address, used for passwordless sign-in via one-time codes. We don't collect passwords because we don't use them.
Microsoft Teams data — When you connect a Microsoft 365 account, we access your Teams chat conversations, messages, and basic profile information through the Microsoft Graph API. This includes chat topics, message content, sender names, and timestamps.
Session data — IP address and user agent string for each active session, used to show you where you're signed in and let you revoke access.
Payment information — If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We never see or store your card number.
How we access your Microsoft data
TeamGroup uses OAuth 2.0 with delegated permissions. That means:
- You sign in to Microsoft directly — we never see your Microsoft password
- We only request the specific permissions needed to read and send chat messages
- Access is scoped to your account only — we cannot access organization-wide data
- You can revoke access at any time through your Microsoft account settings or by removing the account in TeamGroup
We do not request admin-level or application-level permissions. Every action TeamGroup takes on your behalf requires your active authorization.
How we store your data
Authentication credentials (Microsoft access tokens, refresh tokens, and client secrets) are encrypted at the application level using AES-256-GCM. The encryption key is derived using SHA-256 and is never stored alongside the encrypted data. All other data — including email addresses, chat messages, and sender information — is protected by Azure SQL Transparent Data Encryption (TDE) at the storage layer.
Our infrastructure runs on Microsoft Azure with HTTPS enforced on all connections.
How long we keep it
Chat data is synced from Microsoft and stored locally in our database to provide fast access. When you remove a connected account, all associated chats and messages are permanently deleted. When you delete your TeamGroup account, all data is removed.
Third-party services
- Microsoft Graph API — To read and send Teams chat messages on your behalf
- Microsoft Azure — Application hosting and infrastructure
- Stripe — Payment processing for paid plans
We do not sell, share, or provide your data to any other third parties.
Your rights
You can:
- Access your data by viewing your profile and connected accounts
- Delete your data by removing connected accounts or deleting your TeamGroup account
- Export your data by contacting us at support@teamgroup.app
- Revoke Microsoft access at any time through Microsoft's app permissions page or within TeamGroup
If you're in the EU, you have additional rights under GDPR including rectification, restriction of processing, and data portability. If you're in California, you have rights under the CCPA including the right to know what data we collect and the right to opt out of data sales (we don't sell data, so this doesn't apply).
Cookies and tracking
TeamGroup uses session cookies for authentication on the web app and bearer tokens on mobile. We do not use analytics trackers, advertising pixels, or third-party cookies. There's nothing to opt out of because we don't track you.
Children
TeamGroup is a business tool and is not intended for use by anyone under 13. We do not knowingly collect data from children.
Changes to this policy
If we make significant changes, we'll notify you via email or an in-app notice. Minor wording updates won't trigger a notification but the effective date at the top of this page will always reflect the latest version.
Contact
Questions about this policy? Email us at support@teamgroup.app.