Introduction
Cyra is a Microsoft Teams notification-only application developed and operated by BlueSecure.
This Privacy Policy explains what data we process, why we process it, and how we protect it when your organization installs and uses Cyra.
Data We Collect
Cyra is designed as a notification relay. It does not collect or process end-user content or communications within Microsoft Teams.
The application may process the following technical and operational data:
Identifiers: Teams user ID, conversation ID, and tenant ID to deliver notifications.
Notification metadata: message delivery status, timestamps, and campaign identifiers.
Authentication tokens: limited to the tokens required for secure bot communication (encrypted, short-lived).
Administrative data: organization contact details provided during onboarding.
Data We Do Not Collect
No reading, storing, or analyzing of Teams chat messages.
No access to files, calendars, or other Microsoft 365 services.
No advertising or profiling based on user data.
Purpose of Processing
Cyra processes data exclusively to:
Deliver notifications initiated by your organization through BlueSecure.
Provide basic delivery analytics (sent, failed, delivered).
Ensure the security and proper functioning of the service.
Data Retention
Notification logs are stored for a maximum of 180 days.
Authentication tokens are stored only as long as technically required.
Organizations may request earlier deletion.
Data Security
All data is encrypted in transit (TLS 1.2+) and at rest.
Secrets and credentials are managed securely using industry best practices.
Access to systems is restricted to authorized personnel only.
Data Sharing
We do not sell or share personal data with third parties.
Data may be disclosed only:
To comply with legal obligations.
To respond to lawful requests by public authorities.
GDPR and Data Subject Rights
If you are located in the EU/EEA, you have the right to request access, correction, deletion, or restriction of your data.
Requests should be addressed to your organization’s administrator, who may contact us at: privacy@bluesecure.io
Contact
BlueSecure – Data Protection Officer