Privacy Policy
Last updated: March 24, 2026
At SwiftM365, your privacy and security are our top priorities. This Privacy Policy explains what data we collect, how we use it, and the measures we take to protect it.
1. Our Core Principle: Zero Tenant Access
Your M365 data never touches our servers
SwiftM365 generates PowerShell scripts that you download and run locally in YOUR PowerShell environment. We never ask for, receive, store, or process any data from your Microsoft 365 tenant. No OAuth tokens, no admin credentials, no tenant data — ever.
2. Information We Collect
We collect only the minimum information necessary to provide the Service:
Account Information: Name, email address, organization name (optional), and a securely hashed password.
Generation History: Metadata about scripts you generate (operation type, country selected, timestamp). We do NOT store the full script content or any tenant-specific data.
Usage Data: Basic analytics such as pages visited and features used, to help us improve the Service.
3. Information We Do NOT Collect
- Microsoft 365 tenant credentials or tokens
- User lists, mailbox data, or any tenant information
- PowerShell script execution results or outputs
- CSV files uploaded for bulk operations (processed client-side only)
- Payment information (the Service is free)
4. How We Use Your Information
- To create and manage your account
- To provide the script generation service
- To maintain your generation history for your convenience
- To send service-related notifications (account verification, security alerts)
- To improve the Service based on usage patterns
We will NEVER sell, rent, or share your personal information with third parties for marketing purposes.
5. Data Security
Password Hashing: All passwords are encrypted using bcrypt with salt rounds. We never store or can access plaintext passwords.
Encrypted Connections: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
Database Security: Our database is hosted on Supabase with row-level security, encrypted at rest, and access-controlled.
Session Management: We use JWT-based authentication with secure, httpOnly cookies.
6. Data Retention
Your account data is retained as long as your account is active.
Generation history is retained for your convenience and can be deleted upon request.
If you delete your account, all associated data will be permanently removed within 30 days.
7. Cookies
We use essential cookies only — specifically for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your Rights
- Access: You can view all data we hold about you from your Profile page.
- Correction: You can update your account information at any time.
- Deletion: You can request complete deletion of your account and all associated data.
- Export: You can request an export of your data at any time.
9. Third-Party Services
Hosting: Our application is hosted on Vercel (vercel.com).
Database: User accounts are stored in Supabase (supabase.com) PostgreSQL.
Both services maintain their own privacy and security certifications. We have reviewed their practices to ensure they align with our commitment to your data security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
For any privacy-related questions or requests, please contact us at privacy@bulkm365.com
© 2026 SwiftM365. All rights reserved.