A technical overview of how InboxTidy is installed, secured, and run within your Microsoft 365 tenant. This document explains the application architecture, data handling approach, Microsoft Graph permissions, Power Platform components, Azure services, and security controls used to keep email processing under your organisation’s control.

This Data Retention Policy sets out the retention periods that apply to data processed through the InboxTidy application and related support services. It explains how long information is kept, the reasons for keeping it, and the approach used to securely delete or anonymise data once it is no longer required.

This Data Processing Agreement sets out the terms under which InboxTidy processes personal data on behalf of customer organisations. It covers data protection obligations, security controls, sub processors, retention, and each party’s responsibilities.

This Privacy Notice describes how personal data is processed through the InboxTidy application software and any related support or administration services. It explains the types of data involved, the purpose of processing, how data is managed and protected, and the rights available to users and customer organisations.