Terms of Service

1. Acceptance of Terms

By accessing or using IdentityOps ("the Service"), you agree to be bound by these Terms of Service. If you do not agree, you may not use the Service.

2. Description of Service

IdentityOps is an independent governance platform that provides read-only visibility into Microsoft Entra app registrations, credentials, and permissions. The Service scans your tenant using Microsoft Graph API to surface risk insights, credential expiry data, and governance recommendations.

3. Data Access and Security

IdentityOps requests only read-only Microsoft Graph permissions. The Service does not create, modify, or delete any resources in your Microsoft Entra tenant. Access tokens are used exclusively to query tenant data during active sessions and are stored securely in encrypted sessions. IdentityOps does not share your tenant data with third parties.

4. User Responsibilities

You are responsible for ensuring that you have appropriate authorization from your organization to grant IdentityOps access to your Microsoft Entra tenant. You agree to use the Service in compliance with all applicable laws and your organization's policies.

5. Cancellation and Data Retention

You may cancel your subscription at any time from the billing settings page. You may choose to cancel at the end of your current billing period (retaining access until then) or cancel immediately.

Upon cancellation, your tenant data is retained for 30 days to allow recovery. During this retention window, you may restore your subscription to regain full access. After 30 days, all tenant data is automatically and permanently deleted, including scan history, app metadata, user records, alert configurations, and activity logs. Session data is automatically cleaned up on a regular schedule.

You may request immediate data deletion at any time by contacting support. Certain records may be retained where required to comply with legal, accounting, or regulatory obligations.

6. Availability and Warranties

The Service is provided “as is” without warranty of any kind. We do not guarantee uninterrupted availability or that the Service will be free of errors. Scheduled maintenance or temporary service interruptions may occur. IdentityOps is not a substitute for your own security practices and compliance obligations.

7. Limitation of Liability

To the maximum extent permitted by law, IdentityOps and its operators shall not be liable for any indirect, incidental, or consequential damages arising from your use of the Service. In no event shall IdentityOps' total liability exceed the amount paid by you to IdentityOps in the twelve (12) months preceding the claim.

8. Changes to Terms

We reserve the right to update these Terms of Service at any time. Continued use of the Service after changes constitutes acceptance of the updated terms. We will make reasonable efforts to notify users of material changes.

9. Governing Law

These Terms are governed by and construed in accordance with the laws of the United States.

10. Contact

For questions about these terms, please contact us through the support channels provided within the application or at support@identityops.dev.