Legal

Privacy Policy

Last updated: May 2025. We are committed to protecting the privacy of your organization and its users.

Summary: Link Redirector is an enterprise tool for Microsoft 365 organizations. We collect only what is necessary to operate the service. Your data is stored on Azure infrastructure within your organization's Microsoft 365 tenant context. We do not sell data, and we do not serve advertising.

Overview

This Privacy Policy describes how InWorks LLC (“InWorks,” “we,” “us,” or “our”) collects, uses, and protects information when you use Link Redirector, including the web dashboard and the Microsoft Outlook Add-In (collectively, the “Service”).

Link Redirector is designed for use by organizations (“Customer Organizations”) that subscribe to Microsoft 365. If you are using Link Redirector because your employer or organization has enabled it, your organization is the data controller and this policy explains how InWorks, as the data processor, handles that data.

Information We Collect

Account and Identity Information

Link Redirector uses Microsoft Entra ID (Azure Active Directory) for authentication. When you sign in, Microsoft provides us with your:

  • Microsoft account display name
  • Microsoft account email address
  • Microsoft tenant ID (used to scope your organization’s data)
  • Microsoft Object ID (a unique identifier for your account within your organization’s directory)

We do not store your password. Authentication is handled entirely by Microsoft.

Link Data

When you create, edit, or delete short links, we store:

  • The short link slug (e.g., go/q3-report)
  • The destination URL
  • The display name or label you assign to the link
  • Link metadata: creation date, last modified date, created-by user ID, pin/lock status
  • Whether a link is configured as a one-time URL

Usage Data

To operate and improve the Service, we collect:

  • Link click counts (aggregate, not per-user)
  • Dashboard page views and feature interactions (aggregate analytics only)
  • Error logs and performance telemetry from Azure Application Insights

We do not track which individual users click on which specific short links.

Outlook Add-In

The Outlook Add-In reads only the content of the message currently being composed or read, and only when you explicitly open the add-in panel. The add-in does not have access to your broader mailbox, calendar, contacts, or any other email messages.

How We Use Information

We use the information we collect to:

  • Authenticate you and authorize access to your organization’s links
  • Operate the short link redirect service
  • Display your link library in the dashboard and Outlook Add-In
  • Attribute link creation to individual users within your organization (visible to admins)
  • Monitor service health, diagnose errors, and improve performance
  • Respond to support requests you submit to us

We do not use your data to train machine learning models, serve advertising, or build behavioral profiles.

Data Storage & Security

Link Redirector is hosted on Microsoft Azure. All application data is stored in Azure Table Storage and Azure Functions within a single Azure region. Data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher).

Access to production data is restricted to InWorks engineering personnel and is governed by least-privilege access controls. We do not grant third parties access to customer data except as described in this policy.

Enterprise customers may request a dedicated Azure deployment where all data remains within their own Azure subscription. Contact support@inworksllc.com for details.

Microsoft Integration & Permissions

Link Redirector requests the following Microsoft Graph permissions during sign-in:

  • openid, profile, email — to identify you and display your name in the dashboard
  • User.Read — to read your basic Microsoft account profile

We request only the minimum permissions required to operate the Service. We do not request access to your email, calendar, files, or other Microsoft 365 data.

The Outlook Add-In uses the Office.js API to interact with the currently open message and does not use Microsoft Graph.

Data Sharing

We do not sell your personal data. We may share data with the following categories of service providers, solely to operate the Service:

  • Microsoft Azure — cloud hosting, storage, and serverless compute
  • Microsoft Application Insights — error logging and performance telemetry

We may disclose information if required by applicable law, regulation, or valid legal process, or to protect the rights, property, or safety of InWorks, our customers, or others.

Data Retention

We retain your link data and account records for as long as your organization maintains an active Link Redirector subscription. If your subscription is cancelled or expires:

  • Your data is retained for 30 days during which you may request an export
  • After 30 days, all account and link data is permanently deleted from our systems
  • Aggregate, anonymized analytics data may be retained indefinitely

Error logs and telemetry are retained for 90 days.

Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict certain processing of your data
  • Request a portable copy of your data

To exercise these rights, please contact us at support@inworksllc.com. Note that for organizational accounts, data access and deletion requests may need to go through your organization’s IT administrator.

Children’s Privacy

Link Redirector is a business tool intended for use by adults within organizations. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected such information, please contact us immediately at support@inworksllc.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the “Last updated” date at the top of this page and, where required, provide additional notice such as an in-app notification or email to your organization’s account contact.

We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact InWorks LLC at:

InWorks LLC
Email: support@inworksllc.com

We aim to respond to all privacy-related inquiries within 5 business days.