Alert Relay Privacy Policy

Effective date: April 7, 2026

Last updated: April 27, 2026

1. Who we are

Alert Relay is a software service provided by independNET Pty Ltd.

If you have questions about this Privacy Policy or our handling of personal information, you can contact us at:

Support email: support@alertrelay.com.au

If required by applicable law, we may also appoint regional privacy representatives and publish their details in this Privacy Policy or on our website.

2. About this Privacy Policy

This Privacy Policy explains how we collect, use, hold and disclose personal information in connection with Alert Relay, including our website, custom connector, API services, subscriptions, support, and related operations.

We are based in Australia and aim to handle personal information in a transparent and secure way.

3. What information we collect

Depending on how Alert Relay is used, we may collect the following types of information.

Tenant and organisation information

• Microsoft Entra tenant ID
• tenant display name
• Alert Relay account, trial, entitlement, subscription, or billing status, where applicable
• timestamps such as when a tenant was first seen and last seen by the service

User identity information

• Microsoft Entra object ID
• name or display name
• email address
• user principal name
• basic authentication or connection metadata

Region-related account information

To help us understand where the service is being used and support compliance, operations, billing, and regional service planning, we may also collect region-related user profile fields returned by Microsoft Graph, such as:

• usageLocation
• country

These values are collected as raw account/profile information returned by Microsoft services. They may be incomplete, inconsistent, or out of date, and we do not treat them as formal proof of legal residency or establishment.

Service usage and diagnostic information

• which Alert Relay action was called
• date and time of the request
• tenant reference
• list ID
• site ID, where used
• service status, error, and diagnostic information
• operational telemetry such as request volumes, response times, and service health information

Subscription and billing information

If you sign up for a paid service, trial, or subscription, we may also collect:

• billing contact details
• subscription identifiers
• invoice and payment status
• payment provider customer, session, or subscription references

We do not intend to store full payment card details ourselves.

4. What we do not intend to store

Alert Relay is designed to minimise retention of customer business content.

As a general rule, we do not intend to store:

• SharePoint list item contents
• document or file contents
• page contents
• generated email bodies containing customer business data
• OAuth access tokens except for short-lived operational handling
• customer business content except where technically necessary for transient processing, troubleshooting, security, legal compliance, or service integrity

Where customer data must be handled to provide the service, we aim to minimise collection and retention.

5. How we collect information

We may collect personal information:

• directly from you
• when you connect or authenticate to Alert Relay using Microsoft services
• when users in your organisation configure or use the Alert Relay connector or related services
• through API requests, logs, and operational telemetry
• through limited Microsoft Graph calls used to enrich tenant or user metadata, such as tenant display name and basic user profile/contact and region-related fields
• when you subscribe, contact us, request support, or use our website
• from service providers that help us operate the service, such as hosting, monitoring, communications, authentication, and payment providers

6. Why we collect, use and disclose information

We collect, use and disclose personal information for purposes including:

• providing and operating Alert Relay
• authenticating users and validating service requests
• linking service activity to the relevant tenant, user, and Alert Relay entitlement
• enforcing service limits, trials, subscriptions, and licensing conditions
• processing subscriptions, billing, renewals, and invoices
• maintaining service security, integrity, fraud prevention, and abuse detection
• diagnosing issues and improving service performance and reliability
• understanding service usage by region or market at an aggregate or operational level
• communicating about onboarding, support, billing, incidents, and service changes
• complying with legal, regulatory, and contractual obligations
• establishing, exercising, or defending legal claims

7. Legal bases for processing

Where data protection laws require a legal basis for processing, we generally process personal data on one or more of the following bases:

• to provide the service you or your organisation requested
• to perform or prepare for a contract
• for our legitimate interests in operating, securing, supporting, improving, and administering Alert Relay
• to comply with legal obligations
• with consent, where consent is required

8. Roles and responsibilities

Customer organisations remain responsible for their own Microsoft 365, SharePoint, and user authorisation environments.

Depending on the context, we may act:

• as an independent controller for our own account, subscription, billing, support, security, regional usage, and service operations data, and
• as a service provider or processor in relation to certain customer-linked operational processing carried out to provide Alert Relay functionality

Nothing in this policy is intended to reduce any legal rights or obligations that apply under applicable privacy or data protection law.

9. Where information is stored

We intend to host core Alert Relay infrastructure in Microsoft Azure in Australia East.

This means that the primary service data we choose to retain for Alert Relay is intended to be stored in Australian-hosted Azure resources, subject to how Microsoft and any subprocessors operate their services.

Some supporting services, such as payment processing, email delivery, customer support, monitoring, or anti-fraud services, may involve handling or access outside Australia. Microsoft says customer data for Azure services is generally stored and processed within the selected geography, subject to service design and authorised support/operational arrangements.

10. International disclosures and transfers

We do not currently intend to disclose personal information overseas as part of normal core Alert Relay operations, except where this occurs through third-party providers or supporting services we use.

For example, overseas disclosure or access may occur if we use:

• payment providers
• customer support platforms
• email delivery providers
• monitoring or analytics tools
• infrastructure, security, or anti-fraud services with overseas personnel or subprocessors

Where required, we will take reasonable steps to protect personal information in connection with international disclosures or transfers.

11. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Those steps may include:

• encryption in transit
• access controls and least-privilege access
• environment separation where practicable
• secure credential and secret handling
• logging and monitoring
• review and minimisation of retained data
• use of reputable cloud and service providers

No platform is completely secure, but we take security seriously and aim to reduce privacy and security risk.

12. Data retention

We keep personal information only for as long as reasonably necessary for service delivery, security, diagnostics, subscription management, legal compliance, record-keeping, and dispute resolution.

Our retention approach may include:

• keeping account and subscription data while an Alert Relay account or subscription remains active and for a reasonable period afterwards
• retaining usage and diagnostic logs for a limited operational period, then deleting, de-identifying, or aggregating them where practicable
• retaining billing and financial records for the period required by law or reasonable accounting practice
• retaining support records for as long as reasonably necessary to manage support, service history, and disputes

Indicative retention periods

• Raw usage logs: 12 months
• Support records: 24 months
• Billing and tax records: 7 years

13. Access, correction, and related rights

You may request access to personal information we hold about you and ask us to correct information that is inaccurate, incomplete, out of date, irrelevant, or misleading.

Depending on where you are located and which laws apply, you may also have rights to request deletion, restriction, objection, portability, or withdrawal of consent in certain circumstances.

To exercise these rights, contact us using the details in this policy. We may need to verify your identity before acting on the request.

14. Complaints

If you have a complaint about how we have handled your personal information, please contact us first.

Please provide enough detail for us to understand and investigate the issue. We will review your complaint and respond within a reasonable time.

If you are not satisfied with our response, you may have the right to complain to the relevant privacy or data protection regulator, including in Australia the Office of the Australian Information Commissioner. OAIC guidance says a privacy policy should explain how an individual may complain about a breach of the Australian Privacy Principles and how the organisation will deal with such a complaint.

15. Data breaches

If a data breach occurs involving personal information we hold, we will assess and respond to the incident in accordance with applicable law and our internal procedures.

Where required, we will notify affected individuals and relevant regulators.

16. Third-party services

Alert Relay may rely on third-party providers to operate effectively. These may include providers of:

• cloud hosting
• identity and authentication
• payments and billing
• communications and email delivery
• monitoring, logging, and analytics
• support and security tooling

These providers may handle personal information on our behalf or in connection with the services they supply to us.

17. Website and analytics

If we operate a public website for Alert Relay, we may collect standard website usage information such as IP address, browser type, timestamps, pages accessed, and referring URLs for security, analytics, and website administration.

If cookies or similar technologies are used, we may provide additional notice on the website.

18. Availability by region

Alert Relay may not be available in all jurisdictions. We may limit or refuse access to the service in particular countries or regions for legal, operational, commercial, or compliance reasons.

Any such limitations may be described in our website, signup flow, service terms, or other customer-facing materials.

19. Regional representatives

If required by applicable law, we may appoint privacy or data protection representatives in specific jurisdictions. Where we do so, their details may be published in this Privacy Policy or on our website.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be published with a revised effective date.

21. Contact us

For privacy questions, requests, or complaints, contact:

independNET Pty Ltd
support@alertrelay.com.au