Backup Teams Logo
Get Started

Privacy Policy

Effective Date: March 10, 2026

1. Introduction

Welcome to Backup Teams. At Backup Teams Inc. ("we," "our," or "us"), we respect your privacy and are deeply committed to protecting the organizational data you entrust to us. This Privacy Policy outlines how we collect, use, process, and safeguard the information you provide when using our Microsoft Teams backup services, website, and related applications (collectively, the "Services").

Our architecture is designed around the principle of data minimization and zero-knowledge encryption where applicable. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. The Information We Collect

We collect information in the following categories to provide and improve our Services:

2.1. Information You Provide Directly

  • Account Information: When you register for our Services, we collect your name, email address (typically your Azure AD / Microsoft 365 identity), company name, and billing details.
  • Authentication Tokens: To perform backups, you grant us secure OAuth 2.0 tokens via the Microsoft Graph API. We store these securely to authenticate automated backup processes on your behalf.
  • Support Communications: If you contact our support team, we collect the contents of your messages and any attachments necessary to resolve your inquiry.

2.2. Data We Process on Your Behalf (The Backups)

The core function of Backup Teams is to process and secure your corporate data. This includes:

  • Microsoft Teams Chat History: 1:1 chats, group chats, and channel discussions.
  • Files and Attachments: Documents shared within Teams (originating from SharePoint or OneDrive).
  • Metadata: Timestamps, sender IDs, and channel structures required to accurately reconstruct your data topology.
Architectural Note: We treat this data entirely as a Data Processor under GDPR. Your backup data is encrypted at rest in dedicated, isolated Amazon S3 vaults unique to your tenant. We do not mine, sell, or analyze your backup data for marketing or any purpose other than providing the backup service itself.

2.3. Automatically Collected Information

  • Logging & Telemetry: We inherently log IP addresses, browser types, and API request latency to ensure the reliability and security of our infrastructure.
  • Cookies and Tracking: We use essential cookies to maintain session states. We do not use third-party advertising cookies on the backup application interface.

3. How We Use Your Information

We use the collected information for the following specific purposes:

  • Service Delivery: To connect to Microsoft Graph APIs, extract your Teams data, encrypt it, and store it in your dedicated vault.
  • Security & Authentication: To verify your identity, mitigate fraudulent access, and enforce strict Access Control Lists (ACLs) on your data.
  • Billing & Administration: To process payments, calculate storage tier usage, and send transactional notifications (e.g., "Backup Complete", "Payment Failed").
  • Performance Optimization: To monitor system health, scale our scraping infrastructure intelligently based on load, and fix software bugs.

4. Data Security & Storage

Security is the foundational pillar of Backup Teams. We employ enterprise-grade security controls:

  • Encryption at Rest: All backup data stored in S3 vaults is encrypted using AES-256.
  • Encryption in Transit: Data is transmitted exclusively over TLS 1.2+ protocols.
  • Tenant Isolation: Your data is structurally isolated. Our scraping engines deploy unique storage buckets and index mappings per Microsoft 365 Tenant ID, preventing cross-tenant data bleed.
  • Key Management: We utilize strict KMS (Key Management Service) policies, automatically rotating encryption keys.

5. Third-Party Disclosures & Sub-Processors

We do not sell your personal data or your backup data. We share data only with trusted sub-processors necessary to run the service:

  • Cloud Infrastructure: Amazon Web Services (AWS) or similar cloud providers for hosting isolated S3 vaults and compute nodes.
  • Authentication Providers: Microsoft Identity Platform (Azure AD) and Google OAuth for secure login flows.
  • Payment Processors: Stripe or similar providers to securely handle billing without routing credit card numbers through our systems.

We may also disclose information if required by law, subpoena, or other strict legal processes, provided we give you prior notice (unless legally prohibited from doing so).

6. Your Rights (GDPR, CCPA, and Beyond)

Depending on your jurisdiction, you or your organization hold specific rights regarding the data:

  • Right to Access: You can export your entire backup vault at any time in industry-standard formats (JSON, PDF).
  • Right to Erasure (Right to be Forgotten): You may request the deletion of your account and all associated backups. Upon request, we initiate a cryptographic hard-delete of your S3 vault, rendering the data completely irrecoverable within 30 days.
  • Right to Portability: You are not locked in. Our export APIs allow you to migrate your Teams backups to other storage providers.

7. Contact Us

If you have any questions, concerns, or technical inquiries regarding this Privacy Policy or how your data is handled, please contact our Data Protection Officer at:

privacy@backupteams.com

Backup Teams Inc.