Privacy & FAQs

Privacy Policy & FAQs

We've assembled the top questions we receive from partners and clients, but please reach out to us if you have any questions on using CloudCapsule.

• How can I get started?

  1. Sign up at https://app.cloudcapsule.io/

  2. Enter your Tenant ID.
     Click here to find your tenant ID via your domain name.

  3. Consent to the permissions with a Global Admin in the tenant.

  4. Click on Start Assessment.

  Check out our Video Tutorial for more details.

• What Microsoft licensing is required?

  CloudCapsule is optimized for use with Microsoft's premium licensing to elevate security to the proper standard.

  For most SMB clients, Microsoft Business Premium is going to be the most optimal licensing choice given it has these key features: 

  • Entra ID P1 

  • Intune 

  • Defender  

  Microsoft M365 E3 and E5 licenses also provide optimal results but will also reflect additional complexity due to the expanded feature set found in these licenses.

  Please note that if you try to add a tenant with licensing with reduced features such as Business Standard, the assessment will fail given the lack of a Defender service principal.

• How do I obtain pricing for a tenant with over 1000 seats?

  Simply reach out to our team at support@cloudcapsule.io or use our Book a Demo link to schedule an appointment to discuss your specific needs.

  We offer volume pricing discounts and can scale to meet business with 10,000 seats or more with ease. 

• What's your cancellation policy?

  Our Essentials plan is available on a monthly or annual basis. Monthly plans can be cancelled at any time, annual plans can be cancelled upon completion of the 12-month subscription term.

• What access does the application need to a tenant and why?

  The data privacy of a tenant is of utmost importance to our team, so please contact us if you have any questions or concerns about using CloudCapsule.

  In general, we primary request read permissions to the tenant with a few read/write permissions to properly enable and disable access of our platform.

  Below are details for each specific service we leverage to properly assess a given tenant:

  Application.Read.All 

  Purpose: Used to read all Enterprise Applications in the account. 

   

  Application.ReadWrite.OwnedBy 

  Purpose: Manage apps that this app creates or owns. Used to provide you the ability to revoke CloudCapsule permissions to the tenant and delete the app from the underlying tenant as well. 

   

  AuditLog.Read.All 

  Purpose: Read all audit log data for Sign in information and suspicious user activity.  

   

  DelegatedAdminRelationship.Read.All 

  Purpose: Read Delegated Admin relationships with customers. Used to pull in all tenants under the MSP partner tenant.  

   

  DeviceManagementApps.Read.All 

  Purpose: Read Microsoft Intune apps 

   

  DeviceManagementConfiguration.Read.All 

  Purpose: Read Microsoft Intune device configuration and policies 

   

  DeviceManagementManagedDevices.Read.All 

  Purpose: Read Microsoft Intune devices 

   

  DeviceManagementServiceConfig.Read.All 

  Purpose: Read Microsoft Intune configuration 

   

  Directory.Read.All 

  Purpose: Read directory data (specifically users and groups) 

   

  email 

  Purpose: View users' email address 

   

  GroupMember.Read.All 

  Purpose: Read all group memberships 

   

  IdentityRiskEvent.Read.All 

  Purpose: Read all identity risk event information 

   

  MailboxSettings.Read 

  Purpose: Read all user mailbox settings 

   

  offline_access 

  Purpose: Maintain access to data you have given it access to. Specifically used for SSO to the application 

   

  openid 

  Purpose: Sign users in. Specifically used for SSO to the application 

   

  Organization.Read.All 

  Purpose: Read organization information 

   

  OrganizationalBranding.Read.All 

  Purpose: Read organizational branding information 

   

  Policy.Read.All 

  Purpose: Read your organization's policies such as Conditional Access 

   

  Policy.ReadWrite.AuthenticationMethod 

  Purpose: Read and write all authentication method policies  

   

  profile 

  Purpose: View users' basic profile. Used for SSO.  

   

  Reports.Read.All 

  Purpose: Read all usage reports 

   

  ReportSettings.ReadWrite.All 

  Purpose: Read and write all admin report settings 

   

  RoleManagement.ReadWrite.Directory 

  Purpose: Read and write all directory RBAC settings. This is used to add the app to the Exchange and Teams roles in AD so that the application can grab Exchange and Teams policy information.  

   

  SecurityAlert.Read.All 

  Purpose: Read all security alerts 

   

  SecurityEvents.Read.All 

  Purpose: Read your organization’s security events 

   

  SharePointTenantSettings.Read.All 

  Purpose: Read SharePoint and OneDrive tenant settings 

   

  Sites.Read.All 

  Purpose: Read all site collections. This is used to pull in all details about SharePoint sites.  

   

  Team.ReadBasic.All 

  Purpose: Get a list of all teams 

   

  TeamSettings.Read.All 

  Purpose: Read all teams' settings 

   

  User.Read 

  Purpose: Sign in and read user profile. Used for SSO. 

   

  User.Read.All 

  Purpose: Read all users' full profiles 

   

  UserAuthenticationMethod.Read.All 

  Purpose: Read all users' authentication methods 

   

  Exchange.ManageAsApp 

  Purpose: Manage Exchange As Application. Used to get Exchange Policies. Read-only calls are made. 

   

  Alert.Read.All 

  Purpose: Read all alerts 

   

  Machine.Read.All 

  Purpose: Read all machine profiles 

   

  Score.Read.All 

  Purpose: Read Threat and Vulnerability Management score 

   

  SecurityRecommendation.Read.All 

  Purpose: Read Threat and Vulnerability Management security recommendations 

   

  Software.Read.All 

  Purpose: Read Threat and Vulnerability Management software information 

   

  Vulnerability.Read.All 

  Purpose: Read Threat and Vulnerability Management vulnerability information 

• What data security practices does CloudCapsule follow and where is the data stored?

  The data privacy of a tenant is of utmost importance to our team, so please contact us if you have any questions or concerns about using CloudCapsule.

  • All data is stored in cloud instance within a region that you selected upon sign up (US or EU). The data for each tenant is isolated in its own instance in the database 

  • EU datacenter:

    • The data is hosted in GCP: europe-west1 (Belgium).

    • The data is not being stored in any other location but it is also being processed with an Azure function in a West Europe datacenter on the Microsoft side (Amsterdam/Netherlands). 

  • US datacenter: 

    • The data is hosted in GCP: East US​

  • All tenant data is encrypted at rest and in transit 

  • The data is only retained for one year and can be deleted on demand by revoking access in CloudCapsule 

  • Role based access control is enforced on database with row-level access control. All access is gaited by MFA at restricted locations. 

  • Periodic Vulnerability scanning is performed on the database 

  • The data is not aggregated or used to train a larger model.  

• What is your Privacy Policy?

  Effective Date: 8/1/2024

  1. Introduction

  At CloudCapsule (“we,” “our,” or “us”), your privacy is important to us. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website (https://www.cloudcapsule.io/) or use our services. 

  By using our website or services, you agree to the collection and use of information in accordance with this policy.

  2. Information We Collect

  We collect the following types of information:

  2.1 Personal Data

  We may collect personally identifiable information, such as:

  • Name
  • Email Address
  • Phone Number
  • Company Name

  
  

  This information is collected when you voluntarily provide it, for example, by filling out a form on our website, signing up for our service, or contacting us for support.

  2.2 Usage Data

  We may collect non-personal information about how our services are accessed and used, such as:

  • Your IP address
  • Browser type and version
  • Pages you visit on our site
  • Time spent on those pages
  • Device information

  
  

  This data is used to improve our website and services, and is collected using cookies, web beacons, and similar tracking technologies.

  3. How We Use Your Information

  We use the data we collect for various purposes, including:

  • To provide and maintain our service: This includes using your information to register your account, provide customer support, and communicate important updates.
  • To improve our services: We analyze usage data to enhance the performance and functionality of our platform.
  • To communicate with you: We may send you important updates, newsletters, or marketing materials if you have opted in to receive them. You may opt out of marketing communications at any time.
  • To comply with legal obligations: We may need to process your data to comply with applicable laws and regulations.

  
  

  4. Data Sharing and Disclosure

  We do not sell or rent your personal data to third parties. We may share your information in the following situations:

  • With Service Providers: We may share data with trusted third-party service providers who help us operate our website or provide services on our behalf (e.g., payment processors, hosting providers).
  • For Legal Reasons: We may disclose your information if required to do so by law, or in response to valid requests by public authorities.

  
  

  5. Data Security

  We use appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee the absolute security of your data.

  6. Your Data Rights

  You have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can request correction of any incorrect or incomplete information.
  • Deletion: You may request that we delete your personal data, subject to certain legal limitations.
  • Opt-Out: You may opt out of receiving marketing communications from us at any time.

  
  

  To exercise any of these rights, please contact us at support@cloudcapsule.io

  7. Cookies and Tracking Technologies

  We use cookies and similar tracking technologies to track activity on our site and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

  8. Third-Party Links

  Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

  9. Changes to This Privacy Policy

  We may update our Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant changes via email or a prominent notice on our website.

  10. Contact Us

  If you have any questions about this Privacy Policy or our data practices, please contact us at:

  Email: support@cloudcapsule.io